Wednesday, September 1, 2010

Security Breach of Apple's iPad

All eyes were on Apple last April during the much-anticipated release of their new tablet computer, the iPad. This device, which has capabilities for email, movies, music, internet, photos, online books, maps, and much more, enjoyed great initial success, with 300,000 sold in just the first day. Unfortunately, excitement for the iPad dimmed just a few months later when it was discovered on June 9, 2010, that a glitch in an AT&T website could have led to the disclosure of personal information belonging to about 114,000 iPad owners.


This glitch was found by a group called Goatse Security, who discovered that through a certain script on the AT&T website, they could enter the number that identifies someone’s iPad on the AT&T network and in turn receive the person’s email address. The members of this group could be classified as grey hat hackers because, although they purposely tried to get information that they were not authorized to have, they seemed to be doing it for the right reasons. They notified AT&T so that the problem could be fixed and released their finding to the public so that users would be aware that their information was compromised. Unfortunately, while Goatse Security felt that they were doing a service to the public, AT&T didn’t see it quite the same way, calling them “unauthorized computer ‘hackers’ that maliciously exploited” the website.


Part of the reason why this weakness in the AT&T website is such a big deal is the people it involved. Since the cost of the standard iPad is $499, it is not a product that the majority of middle-class people own. It is not surprising that many of the iPad owners whose information was compromised are famous and well known. Some of the most recognizable names on the list are Chief of Staff Rahm Emanuel and ABC News’s Diane Sawyer. This glitch is also important because it involves two big-name companies: AT&T and Apple. While the fault seems to lie with AT&T since the problem was with their website, Apple also has responsibility because they need to be sure to protect the information that they collect from users of their product.


AT&T has since repaired this glitch in their website, but the full extent of the damage of this breach is unknown. It is impossible to tell how many users’ data was compromised and if it was accessed by anyone other than Goatse Security. If possible, I think the best way to handle this other than fixing the website is to assign new identification numbers to the users. AT&T has stated that users “can continue to use [their] AT&T 3G service on [their] iPad with confidence.”


I think the main cause of this incident was an oversight by AT&T and maybe a sense of complacency about security on Apple’s part. I think that AT&T needs to better monitor their websites for potential security threats, but Apple also needs to follow through and make sure that anyone to whom they give customer information is properly protecting it. It will be interesting to see how the relationship between these two companies is affected by this security breach. Ideally they will join together to prevent such a breach of security from happening again and gain back the trust of their customers.



http://www.usatoday.com/money/industries/technology/2010-04-04-apple-ipad-sales_N.htm

http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

http://bits.blogs.nytimes.com/2010/06/13/att-explains-ipad-security-breach/
