The FBI has confirmed it is investigating the iPad security breach that led to the collection of the email addresses of over 114,000 users.Yesterday Goatse Security announced that it had exploited a flaw in AT&T's security protocols that allowed them to harvest data on 114,067 iPad 3G owners. These included the White House chief of staff, New York major Michael Bloomberg and numerous senior people in the military, media and commerce."The FBI is aware of these possible computer intrusions and has opened an investigation," Katherine Schweit, an FBI spokeswoman, told the Wall Street Journal.Ms. Schweit said the FBI opened the investigation today but it will not comment on what it is looking at. "It's very early in the investigation," she said.Meanwhile security researchers at Praetorian Prefect have published the full exploit code used in the attack. The flaw is a simple one they said, which required no actual hacking.“An e-mail address gets returned in the successful iterations (active ICCID) and parsed,” said the company in a blog posting.“There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it.”AT&T said in a statement that the function on its web site that allowed the emails to vbe collected had now been altered to fix the problem.“This issue was escalated to the highest levels of the company and was corrected by Tuesday, and we have essentially turned off the feature that provided the e-mail addresses,” AT&T said in a statement.
Issue: 316 | July 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.