Apple

iPad / AT&T vulnerability leaks email addresses… who is to blame?

10 Giu/10

Hackers have exploited a vulnerability on AT&T’s US network when iPad users authenticated themselves online that has allowed them to gain access to a list of 114,067 email addresses belonging to owners, it has been reported by gawker.

The group, calling themselves Goatse Security harvested the data using nothing more than a PHP script and are now in possession of some very high profile people’s contact details which include celebrities, white house officials and high ranking military officers.

So who is responsible for this, Apple or AT&T?  To be honest it’s going to be a bit of both and questions need to be asked why the hashing technique, common for exchanging passwords online, hasn’t been implemented here.

Hashing runs your password through a cipher that scrambles it.  It’s a one-way cipher so that the password can never be unscrambled.  A similar cipher scrambles the password on the authenticating computer and then both of these ‘hash codes’ are compared.  The reason for doing this is so that no password is ever put in the open where it can be intercepted.

This is clearly what happened with the iPad hack and it will come as a blow to Apple’s reputation for developing secure operating systems, the iPad OS is based on the same Unix code as their OS X desktop and server operating systems after all.

It remains to be seen if and how quickly a firmware update will be rolled out by Apple to encrypt sensitive data as it’s broadcast over 3G and other wireless networks to authenticate users.  AT&T also have questions to answer on whether this technique can be used to gather sensitive data from any other devices on their network.

Fortunately the hackers notified AT&T of the breach so they could close the hole and came clean about the hack.  The next group of hackers might not feel so benevolent.


© Mike Halsey for gHacks technology news, Software And Internet Tips For The Geek In You, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, <a href="http://www.stumbleupon.com/submit?url=http://www.ghacks.net/2010/06/10/ipad-att-vulneability-leaks-email-addresses-who-is-to-blame/&title=iPad / AT&T vulnerability leaks email addresses… who is to blame?stumbleupon, twitter
Post tags: , , , ,

Continua a leggere – Original Link: iPad / AT&T vulnerability leaks email addresses… who is to blame?

Technorati Tags: , , , , , , ,

Leggi Anche

Condividi
Condividi in DeliciousCondividi in DiggCondividi in RedditCondividi in StumbleCondividi in MixxCondividi in TecnoratiCondividi in Ok Notizie

Commenti

I commenti sono disabilitati per questo articolo.

I commenti sono chiusi.

Autore

    Spina Rosario
    Inserito da
Gestionale Immobiliare - Realizzazione Sito Web per Agenzia Immobiliare

Archivio

Iscrizione Newsletter

    Tieniti informato con tutte le novità del mondo informatico con la nostra newsletter
    Email:

    Nome:

    Auto Shop Italia
    Web Burning Blog
    Info Privacy

Meta