FBI investigating iPad breach

AT&T security hole exploit code published.

The FBI has confirmed it is investigating the iPad security breach that led to the collection of the email addresses of over 114,000 users.

Yesterday Goatse Security announced that it had exploited a flaw in AT&T's security protocols that allowed them to harvest data on 114,067 iPad 3G owners. These included the White House chief of staff, New York major Michael Bloomberg and numerous senior people in the military, media and commerce.

"The FBI is aware of these possible computer intrusions and has opened an investigation," Katherine Schweit, an FBI spokeswoman, told the Wall Street Journal.

Ms. Schweit said the FBI opened the investigation today but it will not comment on what it is looking at. "It's very early in the investigation," she said.

Meanwhile security researchers at Praetorian Prefect have published the full exploit code used in the attack. The flaw is a simple one they said, which required no actual hacking.

“An e-mail address gets returned in the successful iterations (active ICCID) and parsed,” said the company in a blog posting.

“There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it.”

AT&T said in a statement that the function on its web site that allowed the emails to vbe collected had now been altered to fix the problem.

“This issue was escalated to the highest levels of the company and was corrected by Tuesday, and we have essentially turned off the feature that provided the e-mail addresses,” AT&T said in a statement.