Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: iPad Owners Exposed - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
iPad Owners Exposed

Some of you may have seen the article about an iPad security breach.  Some of the information floating around is leading readers to believe that it is an
iPhone software problem.  It is not, the issue is with a web application not the iPhone or iPad software.

"Apparently, the breach was the result of a web application vulnerability on an AT&T site. This allowed a malcontent to guess
at an AT&T SIM card identifier (the so-called ICC-ID) and – if the ICC-ID was issued to an iPad – to use it to retrieve the email address
of the iTunes account associated with the device."

The fact that this happened is bad, however the amount of incorrect information circulating the Net is even worse.  For the whole story see the
Sophos blog.

Another take on the situation:

Deb Hale Long Lines, LLC


279 Posts
ISC Handler
Jun 10th 2010

Sign Up for Free or Log In to start participating in the conversation!