Reports RESCUECOM's Top Five iPad Security Tips

More Attacks on iPads Since AT~amp~T Network Hack

FBI investigates iPad-AT&T breach as blame game plays out
June 11, 2010

Security experts have begun parsing the blame for the iPad-AT&T security breach that exposed the email address of some high-profile users.

Meanwhile, the FBI has launched an official investigation of a caper in which the perpetrators - greyhat researchers calling themselves Goatse Security - freely claim responsibility for the attack.

"We believe what we did was ethical," Goatse member Escher Auernheimer told PC World's Greg Keizer in a telephone interview. "What we did was right."

Auerheimer notes that Goatse waited until AT&T had closed the hole before outing the e-mail addresses it had grabbed. This, he contends, amounts to "responsible disclosure."

Going public with the discovery of a fresh security hole is one thing. But actually taking advantage of the vulnerability to steal data is another. Pierce the privacy of high-powered, well-connected iPad users, and you wake the sleeping giant: the FBI.

"The disclosure was completely irresponsible," says Sean Sullivan, Security Advisor, at antiviurus company F-Secure. "There is no reason why the Goatse Security group needed to harvest data. They only did it to sensationalize the issue and they are guilty of violating personal privacy."

Celebrity quotient

Goatse researchers claim to have extracted 114,000 e-mail addresses, including many high profile celebrities, athletes and politicos, New York City Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel, and movie producer Harvey Weinstein, among them.

They did this by tricking AT&T's servers into divulging the correct unique identifier for the iPad and associated e-mail addresses. The incident, no doubt, has worsened the already strained relationship between AT&T and Apple, says Rick Munarriz, senior analyst at The Motley Fool. iPhone and iPad users have complained about dropped calls, poor signals and expensive usage rates, notes Munarriz.

Jon Heimerl, Director of Strategic Security at Solutionary, a data security consulting company, believes AT&T is largely at fault for this latest stumble. "In no way is this an ‘iPad breach,' " says Heimerl. " This was someone grabbing information off of an AT&T server that was accidentally left exposed to the Internet."

Hemanshu Nigam, founder of security consultancy SSP Blue, says Apple bears the largest share of culpabibility since it set the authentication requirements ATT was required to follow.

"This is exactly where the flaw existed," says Nigam, former security chief at MySpace. "Apple needs to start putting user security ahead of user convenience. The hacker community is obviously gearing up to dethrone the king and this is just another warning shot."

More iPad attacks likely

Heimerl and Nigam do agree on this point: wider use of iPads, especially among movers and shakers, portends intensified hacks - by professional cybercriminals, not just security researchers looking to grab headlines.

"The iPad is a new product, and as such likely has unintended (security weaknesses) built in." says Heimerl. "Odds are that someone will find something to hack in the device operating system, or in one of the primary applications that the iPad runs, like the Safari browser."

Although email addresses in and of themselves may seem low value, "knowing these addresses opens them up to a large number of spammers and would-be social engineers that will now be checking every login field on the Internet for accounts belonging to them," says Jason Haddix, Security Engineer at Redspin.

Sam Diaz, senior editor at ZDNet, calls out Mayor Bloomberg and Chief of Staff Emanuel, for owning iPads in the first place.

" What I would really want to know - given the volume of government officials whose official work e-mail addresses were found . . . is exactly who paid for all of these iPads that are reportedly in the hands of so many people in Washington, Diaz writes in this post. "Last time I checked, the iPad was a pretty expensive device, especially for government agencies that probably have better uses for government dollars other than to buy iPads."

iPad best security practices

In wake of the breach, Rescuecom CEO David A. Milman suggests these precautions for iPad users:

  • Turn off the 3G Network. AT&T has stated that there is no more threat to customers. However, turning off 3G wireless Internet service, at least temporarily, will protect an individual's personal data from any further attack.
  • Request a new SIM from AT&T. The ICC-ID number that the hackers breached is attached to each user's SIM, the card linking an individual iPad to its user. Changing the SIM card would change the ICC-ID as well, rendering that information useless.
  • Change your iPad e-mail address. The simplest solution is to stop using the compromised e-mail address. AT&T states the only information illicitly obtained was user's e-mail addresses. Changing your address would eliminate this threat.
  • Limit iPad usage. Using the iPad is, most likely, still safe. However, to best protect personal data, users should be careful what they use the iPad for. Avoid tasks such as mobile banking or anything that transmits personal information, especially when on a 3G network.

For those consumers who have not yet purchased an iPad, but were considering it, Milman recommends waiting at least six months for the manufacturer to work the major bugs out of the system.

"While most everyone is aware that security is important, very few of us understand what goes into securing the software, hardware, and networks that contain our most valuable asset, our identity," says Milman. "AT&T's breach is a perfect example of how at risk we are."

By Byron Acohido


RESCUECOM provides homes and businesses with 24/7 computer repair and support. RESCUECOM meets every tech support need, including data recovery, virus removal, wired and wireless networking and support for all brands of hardware and software. "When it comes to your technology, we hook you up!" For information on products, services, and computer support, visit or call (703) 986-3233.

For More Information, Contact:

Christina Johnson, PR Specialist

Google Reviews

Valley View Self Storage
Valley View Self Storage
2 weeks ago
We highly recommend Rescuecom Corporation. We needed immediate help with our office computer and ge
...We highly recommend Rescuecom Corporation. We needed immediate help with our office computer and getting us back up and running they were very through and great to work with. less
Tod Baseden
Tod Baseden
3 weeks ago
Awesome tech support went above and beyond. I highly recommend going with Resuecom. Roy killed it!
...Awesome tech support went above and beyond. I highly recommend going with Resuecom. Roy killed it! less
Nicole Gray
Nicole Gray
2 months ago
I am so thankful for Rescuecom for saving my computer and my sanity. I spent a week trying to remove
...I am so thankful for Rescuecom for saving my computer and my sanity. I spent a week trying to remove viruses from my computer with a program I bought online that promised 24/7 premium customer service and that was a lie. This company is the real deal. I received immediate help, within a minute of me signing up and David was very kind and knowledgeable and once my computer finished its scan 7 hrs later I immediately received another call from Roy to complete the next step. All I had to do was give him access to my computer and he did the rest of the work while I did other things. He called me as soon as he was done and then went over everything with me and helped me with issues I was having with my gmail account. Exemplary customer service and highly skilled technicians and peace of mind for me, I am extremely grateful and I am now a customer for life! less
robert hand
robert hand
2 months ago
I am thoroughly impressed with this company. The attention to detail, a high level of professionalis
...I am thoroughly impressed with this company. The attention to detail, a high level of professionalism, and sticking with some rather pesky problems until both the technician and I were satisfied with the results. Bravo! less
View all Google reviews

Featured in:

Feature Inthe New York TimesFOX NEWSUSA TodayComputer WorldCNNForbes