Reports RESCUECOM's Top Five iPad Security Tips

More Attacks on iPads Since AT~amp~T Network Hack

FBI investigates iPad-AT&T breach as blame game plays out
June 11, 2010

Security experts have begun parsing the blame for the iPad-AT&T security breach that exposed the email address of some high-profile users.

Meanwhile, the FBI has launched an official investigation of a caper in which the perpetrators - greyhat researchers calling themselves Goatse Security - freely claim responsibility for the attack.

"We believe what we did was ethical," Goatse member Escher Auernheimer told PC World's Greg Keizer in a telephone interview. "What we did was right."

Auerheimer notes that Goatse waited until AT&T had closed the hole before outing the e-mail addresses it had grabbed. This, he contends, amounts to "responsible disclosure."

Going public with the discovery of a fresh security hole is one thing. But actually taking advantage of the vulnerability to steal data is another. Pierce the privacy of high-powered, well-connected iPad users, and you wake the sleeping giant: the FBI.

"The disclosure was completely irresponsible," says Sean Sullivan, Security Advisor, at antiviurus company F-Secure. "There is no reason why the Goatse Security group needed to harvest data. They only did it to sensationalize the issue and they are guilty of violating personal privacy."

Celebrity quotient

Goatse researchers claim to have extracted 114,000 e-mail addresses, including many high profile celebrities, athletes and politicos, New York City Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel, and movie producer Harvey Weinstein, among them.

They did this by tricking AT&T's servers into divulging the correct unique identifier for the iPad and associated e-mail addresses. The incident, no doubt, has worsened the already strained relationship between AT&T and Apple, says Rick Munarriz, senior analyst at The Motley Fool. iPhone and iPad users have complained about dropped calls, poor signals and expensive usage rates, notes Munarriz.

Jon Heimerl, Director of Strategic Security at Solutionary, a data security consulting company, believes AT&T is largely at fault for this latest stumble. "In no way is this an ‘iPad breach,' " says Heimerl. " This was someone grabbing information off of an AT&T server that was accidentally left exposed to the Internet."

Hemanshu Nigam, founder of security consultancy SSP Blue, says Apple bears the largest share of culpabibility since it set the authentication requirements ATT was required to follow.

"This is exactly where the flaw existed," says Nigam, former security chief at MySpace. "Apple needs to start putting user security ahead of user convenience. The hacker community is obviously gearing up to dethrone the king and this is just another warning shot."

More iPad attacks likely

Heimerl and Nigam do agree on this point: wider use of iPads, especially among movers and shakers, portends intensified hacks - by professional cybercriminals, not just security researchers looking to grab headlines.

"The iPad is a new product, and as such likely has unintended (security weaknesses) built in." says Heimerl. "Odds are that someone will find something to hack in the device operating system, or in one of the primary applications that the iPad runs, like the Safari browser."

Although email addresses in and of themselves may seem low value, "knowing these addresses opens them up to a large number of spammers and would-be social engineers that will now be checking every login field on the Internet for accounts belonging to them," says Jason Haddix, Security Engineer at Redspin.

Sam Diaz, senior editor at ZDNet, calls out Mayor Bloomberg and Chief of Staff Emanuel, for owning iPads in the first place.

" What I would really want to know - given the volume of government officials whose official work e-mail addresses were found . . . is exactly who paid for all of these iPads that are reportedly in the hands of so many people in Washington, Diaz writes in this post. "Last time I checked, the iPad was a pretty expensive device, especially for government agencies that probably have better uses for government dollars other than to buy iPads."

iPad best security practices

In wake of the breach, Rescuecom CEO David A. Milman suggests these precautions for iPad users:

  • Turn off the 3G Network. AT&T has stated that there is no more threat to customers. However, turning off 3G wireless Internet service, at least temporarily, will protect an individual's personal data from any further attack.
  • Request a new SIM from AT&T. The ICC-ID number that the hackers breached is attached to each user's SIM, the card linking an individual iPad to its user. Changing the SIM card would change the ICC-ID as well, rendering that information useless.
  • Change your iPad e-mail address. The simplest solution is to stop using the compromised e-mail address. AT&T states the only information illicitly obtained was user's e-mail addresses. Changing your address would eliminate this threat.
  • Limit iPad usage. Using the iPad is, most likely, still safe. However, to best protect personal data, users should be careful what they use the iPad for. Avoid tasks such as mobile banking or anything that transmits personal information, especially when on a 3G network.

For those consumers who have not yet purchased an iPad, but were considering it, Milman recommends waiting at least six months for the manufacturer to work the major bugs out of the system.

"While most everyone is aware that security is important, very few of us understand what goes into securing the software, hardware, and networks that contain our most valuable asset, our identity," says Milman. "AT&T's breach is a perfect example of how at risk we are."

By Byron Acohido


RESCUECOM provides homes and businesses with 24/7 computer repair and support. RESCUECOM meets every tech support need, including data recovery, virus removal, wired and wireless networking and support for all brands of hardware and software. "When it comes to your technology, we hook you up!" For information on products, services, and computer support, visit or call (703) 986-3233.

For More Information, Contact:

Christina Johnson, PR Specialist

Google Reviews

Carli Wittkowski
Carli Wittkowski
a week ago
Amazing service! This is my first time with Rescuecom and I am extremely pleased. Great Customer se
...Amazing service! This is my first time with Rescuecom and I am extremely pleased. Great Customer service and so very helpful. I would most definitely recommend. less
Karen Beller
Karen Beller
2 weeks ago
Rescuecom is excellent. I was scammed and Roy cleared my desktop. Excellent service and Roy was very
...Rescuecom is excellent. I was scammed and Roy cleared my desktop. Excellent service and Roy was very knowledgeable. Thank You. less
Robin Penick-Funderburk
Robin Penick-Funderburk
3 weeks ago
A hacker with the alias "DEATHRIDGE" entered a company Teams meeting via someone invited as a guest,
...A hacker with the alias "DEATHRIDGE" entered a company Teams meeting via someone invited as a guest, and started taking control of my computer and my life. They sent emails pretending to be me that really looked like they were coming from me. They tried to take control of our corporate bank accounts, added themselves as a user to my Microsoft account, and locked me out of my computer as my passwords no longer worked. My ability to run a telecom company ground to a halt, and all my company and personal information was at their fingertips. I felt so helpless, and I needed folks smarter than the hacker(s) to do battle for me. Our typical computer pros couldn't handle it, and neither could other "experts" I called. Lucky for me I called RESCUECOM, and they immediately got to work. They didn't complain though I was asking for help in the middle of the night, but immediately got to work and worked non-stop to restore everything and protect me going forward. The team at RESCUECOM are my knights in shining armor, and they're the absolute best! less
Krishna Kambhampati
Krishna Kambhampati
2 months ago
Roy was very helpful for fixing my booting issue. I called really late (10pm) and there was someone
...Roy was very helpful for fixing my booting issue. I called really late (10pm) and there was someone to answer my call. I would recommend them to anyone that needs tech support. less
View all Google reviews

Featured in:

Feature Inthe New York TimesFOX NEWSUSA TodayComputer WorldCNNForbes