Posted by: David Harley | June 16, 2010

AT&T: Up SIM Creek without an iPaddle?

It looks possible that the breach in iPad security exploited by the Goatse group to snaffle details of 114,000 iPad users may be a little more complicated than it seemed.

Peter Bright reports at Arstechnica that it’s been suggested that the SIM card ICC-ID that was accidentally disclosed, along with the user’s email address, may be more useful to an attacker than was originally thought.

It appears that some telephone companies calculate the IMSI from the ICC-ID, making it easy to ascertain, and that’s a little more serious. Bright’s article is assuming that this is the case with AT&T and the iPad. AT&T haven’t commented, so as far as I’m concerned, it’s unproven. Still, I’ll be watching this one with interest.

And if it does turn out that whole load of SIM cards need replacing, AT&T may be needing a big payout from their threatened court action against the Goatse hacking group…

(http://www.computerweekly.com/Articles/2010/06/15/241596/ATampT-sues-Goatse-for-stealing-e-mail-addresses.htm)

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: