
How Big Was the iPad Security Hole and Has It Been Plugged?

written by: Bruce Tyson • edited by: M.S. Smith • updated: 2/22/2011

The famous "iPad security hole" was uncovered by hackers who discovered a way to download iPad user account information from the AT&T Web site. Headlines revealing how AT&T exposes iPad users to data theft helped tarnish the company's reputation and sent the FBI hunting for a pair of hackers.


    About the iPad Security Hole

    A massive security breach at the website servicing AT&T Wireless iPad customers resulted in the compromise of more than 100,000 wireless 3G accounts, including those belonging to many government and military personnel.

    The breach occurred days after the first 3G version of the Apple iPad was released and showed how popular the device had become among the nation's elite.

    Programmers with the hacker consortium Goatse learned how to gain access to user data by submitting SIM card numbers to the AT&T website. Fortunately the illicitly obtained information wasn't much more than user email addresses, but it still represented a major security breach that seemed to negatively impact AT&T's public image, at least over the short term.

    The program written to download iPad user data from AT&T was called iPad 3G Slurper and emulated the iPad's browser ID to trick the AT&T website into returning user data. It worked by calling a script on the AT&T website that did not follow standard security protocol.
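A service owner can spot this kind of identifier walking in access logs. The detection sketch below is an added example, not code from the article or from AT&T; the path `/account/lookup`, the parameter name `sim`, the log format, the sample lines and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical log format: ip "GET /account/lookup?sim=<digits> HTTP/1.1" status "user-agent"
LINE = re.compile(r'^(?P<ip>\S+) "GET /account/lookup\?sim=(?P<sim>\d+) HTTP/1\.1" '
                  r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$')

def build_sample_log():
    """Constructed log: three ordinary clients plus one walking the ID space.
    Every client sends the same iPad-style User-Agent, so that header cannot
    separate the enumerating client from real devices."""
    ua = "Mozilla/5.0 (iPad; constructed sample)"
    lines = [
        f'198.51.100.10 "GET /account/lookup?sim=8900000000000412345 HTTP/1.1" 200 "{ua}"',
        f'198.51.100.11 "GET /account/lookup?sim=8900000000000987001 HTTP/1.1" 200 "{ua}"',
        f'198.51.100.11 "GET /account/lookup?sim=8900000000000987001 HTTP/1.1" 200 "{ua}"',
        f'198.51.100.12 "GET /account/lookup?sim=8900000000000555120 HTTP/1.1" 404 "{ua}"',
    ]
    base = 8900000000000100000  # constructed starting identifier
    for i in range(40):
        status = 200 if i % 3 == 0 else 404  # only some identifiers exist
        lines.append(f'203.0.113.7 "GET /account/lookup?sim={base + i} HTTP/1.1" {status} "{ua}"')
    return lines

def find_enumeration(lines, min_distinct=20):
    """Return {ip: stats} for clients that looked up many distinct identifiers."""
    seen = defaultdict(set)   # ip -> distinct identifiers requested
    hits = defaultdict(int)   # ip -> responses that returned a record
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        seen[m["ip"]].add(int(m["sim"]))
        if m["status"] == "200":
            hits[m["ip"]] += 1
    flagged = {}
    for ip, ids in seen.items():
        if len(ids) < min_distinct:
            continue
        ordered = sorted(ids)
        # Share of neighbouring identifiers that differ by exactly 1.
        steps = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        flagged[ip] = {"distinct_ids": len(ids), "records_returned": hits[ip],
                       "sequential_ratio": steps / (len(ordered) - 1)}
    return flagged

if __name__ == "__main__":
    print(find_enumeration(build_sample_log()))
```

Detection only limits the damage; the underlying fix is for the script to require an authenticated session before returning account data for any identifier.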


    Has the iPad Security Breach Been Fixed?

    Shortly after it became common knowledge that AT&T exposes iPad users' information, AT&T repaired the security flaw in its website. According to Business & Law, the cost of repairs was just over $70,000.

    The news came when speculation was first swirling about AT&T's loss of its exclusive deal with Apple to sell the iPhone and iPad devices.


    Hackers Arrested, Charged

    Two hackers loosely affiliated with the Goatse hacker organization were arrested early this year and charged with federal crimes of fraud and unauthorized access to a computer system. Although the exact date of their trial remains unclear, the pair could go to prison for their shenanigans. The hackers may also face quarter-million dollar fines if found guilty.

    The pair, Andrew Auernheimer from Arkansas and San Francisco's Daniel Spitler, claim that they acted in the best interests of AT&T and Internet users in general. However, the federal prosecutor seems to believe otherwise, claiming that at least one of the hackers is a troll and that neither hacker made an effort to contact AT&T to notify them of the security problem.


    Hackers Hacked

    The tables were turned against Auernheimer and Spitler when their own website was compromised by hackers. In that incident, hackers posted a vulgar statement on the Goatse Security website chiding the group for its lax security and promising to notify media outlets that the group's site had been hacked.

    There is no word as to whether or not the FBI is looking into that hacking incident.
