Thursday, June 10, 2010

AT&T Steps in it Big Time

A horrendously implemented AJAX web service exposed information on over 114k iPad subscribers.

The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.

AT&T closed the security hole in recent days, but the victims have been unaware, until now. For a device that has been shipping for barely two months, and in its cellular configuration for barely one, the compromise is a rattling development. The slip up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple.
This is a huge black eye for both AT&T and Apple.  From a selfish perspective, this might actually drive Apple to finally drop their exclusive agreement with AT&T.  I'd love an iPhone or an iPad, but I don't want to switch carriers.

No comments:

Post a Comment