Thursday, January 20, 2011

How secure are mobile devices?

The arrest Tuesday of two men who succeeded in hacking into AT&T’s iPad 3G protocol last summer, obtaining and presumablydistributing the e-mail addresses of some 114,000 iPad owners, is renewing questions about the vulnerability of mobil internet devices.

"The men," a New York Times article this morning said, "who are part of a group known as Goatse Security, gained national attention last June when they discovered a security loophole on AT&T's web site that allowed them to gain access to e-mail addresses and corresponding iPad identification numbers." That group, the Times article said, "originally maintained in an open letter to AT&T back in June, that it exposed the security vulnerability on the company's site to alert it to the problem. The flaw allowed anyone to discover e-mail addresses by submitting potential iPad identification numbers to the site."

An MSNBC.com article back in June said "AT&T, which has exclusive U.S. rights to carry the iPad and the popular iPhone, acknowledged the security breach but said it had corrected the flaw and that only e-mail addresses were exposed to hackers who identified a security weakness.." This morning's Times article quotes Richard Wang, manager of the security firm SophosLabs as saying there was "criticism to be leveled at both sides" in the case… "AT&T's site wasn't sufficiently secure," he said. "The company may have felt pressure to take strong action, considering the data leak involved a prominent business partner, but in general the security risk was low…the Goatse Security group could have handled matters in a way that would have let it avoid prosecution."


Gawker.com had an additional post about the original breach, while SiliconValley.com and the Wall Street Journal have current updates.

No comments: