Blog

It’s all about the security of iPad opens by FBI..

The hacker responsible for the iPad security breach is probably a little more anxious today than he was yesterday now that the FBI has said it’s in the early stages of investigating just how he got the private e-mails of thousands of govenment, military, business and media officials.

Gawker first reported Wednesday that white-hat hackers, self-styled high tech vigilantes who expose weak computer security in order to get the network’s owners to fix the problems, had apparently penetrated an insecure AT&T server and obtained the e-mails of thousands of people with cellular iPads, some of them quite famous.

For instance, White House chief of staff Rahm Emanuel, New York City Mayor Michael Bloomberg and New York Times Co. chief executive officer Janet Robinson, along with tens of thousands of others had their e-mails exposed through the weakness in the AT&T system. All told the information of 114,000 iPad users was said to be exposed.

June 11 (Bloomberg) — The Federal Bureau of Investigation started an investigation of a security breach in AT&T Inc.’s wireless network that exposed the e-mail addresses of users of Apple Inc.’s iPad 3G.

‘The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat,’FBI spokeswoman Lindsay Godwin said yesterday in an e-mail.

A group called Goatse Security said it obtained the e-mail addresses through a program on AT&T’s website, according to Gawker Media’s Valleywag website, to whom the group released addresses of iPad users, including New York Times Co. Chief Executive Officer Janet Robinson and New York Mayor Michael Bloomberg. The addresses were released on condition that the website not publish them, Goatse Security analyst Escher Auernheimer said in a phone interview.

Now it seems the FBI has taken an interest in the case and has launched an investigation into the “potential cyber threat” of the snafu. As far as we know and have seen, the hackers were able to obtain just email addresses, although with that comes the knowledge that the victims in question own iPad 3Gs and don’t mind AT&T’s service — don’t click on any odd billing statements if you were affected. As stated previously, the carrier has subsequently apologized and proverbially “plugged the hole” from which the info was obtained.

Valleywag said on its website on June 9 that about 114,000 e-mail addresses of iPad users, including members of the U.S. military and executives at media, technology and finance companies, were compromised.

Apple has sold more than 2 million iPads since releasing the device in April. Some models of the iPad tablet work with AT&T’s third-generation wireless network, and other versions only work on Wi-Fi networks. Apple doesn’t say how many of each model it has sold.

A computer crime task force in a suburb of San Francisco is investigating how an unreleased prototype of Apple’s iPhone was obtained by technology blog Gizmodo, also owned by New York- based Gawker Media. Gizmodo said it purchased the phone for $5,000 after it was found in a bar in Redwood City, California. An Apple engineer left the device in the bar, said Gizmodo, which returned the phone to the company. Apple reported the device as stolen in April.

We did not contact AT&T directly, but we made sure that someone else tipped them off and waited for them to patch until we gave anything to Gawker. This is as “nice guy” as it gets. We had no interest in direct dialogue with AT&T, but we waited nicely for them to get their house in order and get their hole plugged tight before exposing it.This disclosure needed to be made. iPad 3G users had the right to know that their email addresses were potentially public knowledge so they could take steps to mitigate the issue (like changing their email address). This was done in service of the American public. Do you really think corporate privacy breaches should stay indefinitely secret? I don’t. If you’re potentially on a list of exploit targets because someone has an iPad Safari vulnerability and they scraped you in a gigantic list of emails it is best that you are informed of that sooner than later (after you’ve been successfully exploited). We did this to help you.

Not sure anything will come of this inquiry, but we’ll let you know what we hear.

Resources :npr.org,businessweek.com,engadget.com