LastWatchdog.com Reports RESCUECOM's Top Five iPad Security Tips

More Attacks on iPads Since AT&T Network Hack

FBI investigates iPad-AT&T breach as blame game plays out

LastWatchdog.com
June 11, 2010

Security experts have begun parsing the blame for the iPad-AT&T security breach that exposed the email addresses of some high-profile users.

Meanwhile, the FBI has launched an official investigation of a caper in which the perpetrators - greyhat researchers calling themselves Goatse Security - freely claim responsibility for the attack.

"We believe what we did was ethical," Goatse member Escher Auernheimer told PC World's Greg Keizer in a telephone interview. "What we did was right."

Auernheimer notes that Goatse waited until AT&T had closed the hole before outing the e-mail addresses it had grabbed. This, he contends, amounts to "responsible disclosure."

Going public with the discovery of a fresh security hole is one thing. But actually taking advantage of the vulnerability to steal data is another. Pierce the privacy of high-powered, well-connected iPad users, and you wake the sleeping giant: the FBI.

"The disclosure was completely irresponsible," says Sean Sullivan, Security Advisor at antivirus company F-Secure. "There is no reason why the Goatse Security group needed to harvest data. They only did it to sensationalize the issue and they are guilty of violating personal privacy."

Celebrity quotient

Goatse researchers claim to have extracted 114,000 e-mail addresses, including those of many high-profile celebrities, athletes and politicos, among them New York City Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel, and movie producer Harvey Weinstein.

They did this by tricking AT&T's servers into divulging the correct unique identifier for the iPad and associated e-mail addresses. The incident, no doubt, has worsened the already strained relationship between AT&T and Apple, says Rick Munarriz, senior analyst at The Motley Fool. iPhone and iPad users have complained about dropped calls, poor signals and expensive usage rates, notes Munarriz.

Jon Heimerl, Director of Strategic Security at Solutionary, a data security consulting company, believes AT&T is largely at fault for this latest stumble. "In no way is this an 'iPad breach,'" says Heimerl. "This was someone grabbing information off of an AT&T server that was accidentally left exposed to the Internet."

Hemanshu Nigam, founder of security consultancy SSP Blue, says Apple bears the largest share of culpability since it set the authentication requirements AT&T was required to follow.

"This is exactly where the flaw existed," says Nigam, former security chief at MySpace. "Apple needs to start putting user security ahead of user convenience. The hacker community is obviously gearing up to dethrone the king and this is just another warning shot."

More iPad attacks likely

Heimerl and Nigam do agree on this point: wider use of iPads, especially among movers and shakers, portends intensified hacks - by professional cybercriminals, not just security researchers looking to grab headlines.

"The iPad is a new product, and as such likely has unintended (security weaknesses) built in," says Heimerl. "Odds are that someone will find something to hack in the device operating system, or in one of the primary applications that the iPad runs, like the Safari browser."

Although email addresses in and of themselves may seem low value, "knowing these addresses opens them up to a large number of spammers and would-be social engineers that will now be checking every login field on the Internet for accounts belonging to them," says Jason Haddix, Security Engineer at Redspin.

Sam Diaz, senior editor at ZDNet, calls out Mayor Bloomberg and Chief of Staff Emanuel for owning iPads in the first place.

"What I would really want to know - given the volume of government officials whose official work e-mail addresses were found . . . is exactly who paid for all of these iPads that are reportedly in the hands of so many people in Washington," Diaz writes in this post. "Last time I checked, the iPad was a pretty expensive device, especially for government agencies that probably have better uses for government dollars other than to buy iPads."

iPad best security practices

In the wake of the breach, Rescuecom CEO David A. Milman suggests these precautions for iPad users:

  • Turn off the 3G Network. AT&T has stated that there is no more threat to customers. However, turning off 3G wireless Internet service, at least temporarily, will protect an individual's personal data from any further attack.
  • Request a new SIM from AT&T. The ICC-ID number that the hackers breached is attached to each user's SIM, the card linking an individual iPad to its user. Changing the SIM card would change the ICC-ID as well, rendering that information useless.
  • Change your iPad e-mail address. The simplest solution is to stop using the compromised e-mail address. AT&T states the only information illicitly obtained was users' e-mail addresses. Changing your address would eliminate this threat.
  • Limit iPad usage. Using the iPad is, most likely, still safe. However, to best protect personal data, users should be careful what they use the iPad for. Avoid tasks such as mobile banking or anything that transmits personal information, especially when on a 3G network.

For those consumers who have not yet purchased an iPad, but were considering it, Milman recommends waiting at least six months for the manufacturer to work the major bugs out of the system.

"While most everyone is aware that security is important, very few of us understand what goes into securing the software, hardware, and networks that contain our most valuable asset, our identity," says Milman. "AT&T's breach is a perfect example of how at risk we are."

By Byron Acohido


About RESCUECOM

RESCUECOM provides homes and businesses with 24/7 computer repair and support. RESCUECOM meets every tech support need, including data recovery, virus removal, wired and wireless networking and support for all brands of hardware and software. "When it comes to your technology, we hook you up!" For information on products, services, and computer support, visit http://www.rescuecom.com or call (703) 986-3233.

For More Information, Contact:

Christina Johnson, PR Specialist
1-800-737-2837
cjohnson@rescuecom.com
