Roughly 114,000 Apple iPad users’ e-mail addresses were leaked this week, and now the FBI is looking into the matter to determine the threat level. Given the iPad’s stunning popularity and the frightening number of affected owners, many questions need answering. Here’s a FAQ about Apple and AT&T’s new relationship with federal investigators.
Basically, a group of hackers discovered a flaw on AT&T’s Web site, stole a ton of iPad owners’ identifying information, and gave the data to a popular blog. The security hole has since been plugged.
The hackers go by the name Goatse Security and have previously been responsible for unearthing vulnerabilities in Web browsers and in Amazon’s community ratings system, according to Valleywag.
Goatse found a buggy Web application on AT&T’s Web site that returned an iPad user’s e-mail address when it was sent specially written queries. These queries involved ICC-IDs (Integrated Circuit Card Identifiers) — unique numbers given to iPad owners that identify iPads connected to AT&T’s mobile network. Goatse then wrote an automated script that repeatedly sent thousands of random ICC-IDs, downloaded the e-mail addresses, and then gave them to the Gawker sister site Valleywag.
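As an added illustration (not part of the original article, and not AT&T's code), here is a log check a site operator could run to spot the pattern described above: one client looking up many different ICC-IDs in a short span. The log format, the `/lookup` path and the `iccid` parameter name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qs

def parse(line):
    """Return (epoch_seconds, client, iccid), or None for lines that are not lookups."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, _method, url = parts
    # "iccid" is a hypothetical query parameter name used for this example.
    iccid = parse_qs(urlsplit(url).query).get("iccid", [None])[0]
    if iccid is None or not ts.isdigit():
        return None
    return int(ts), client, iccid

def flag_enumerators(lines, window_s=60, max_distinct=5):
    """Clients that requested more than max_distinct different ICC-IDs
    within any window_s-second span. Assumes each client's lines are in time order."""
    recent = defaultdict(deque)  # client -> (ts, iccid) pairs still inside the window
    flagged = set()
    for ts, client, iccid in filter(None, map(parse, lines)):
        q = recent[client]
        q.append((ts, iccid))
        while q and ts - q[0][0] >= window_s:
            q.popleft()  # drop requests that have aged out of the window
        if len({i for _, i in q}) > max_distinct:
            flagged.add(client)
    return flagged

# Constructed sample log: "<epoch> <client> <method> <url>"
SAMPLE_LOG = (
    # A customer re-checking one identifier: many requests, a single ICC-ID.
    [f"{1000 + 20 * n} 198.51.100.7 GET /lookup?iccid=89014100000000000017"
     for n in range(8)]
    # A script trying a different identifier every second.
    + [f"{1000 + n} 203.0.113.9 GET /lookup?iccid=8901410000000000{n:04d}"
       for n in range(40)]
)

if __name__ == "__main__":
    print(sorted(flag_enumerators(SAMPLE_LOG)))
```

Counting distinct identifiers rather than raw requests keeps a customer who reloads the same page out of the results; a client that spaces its lookups further apart than the window is not caught by this check.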
Gawker is a parent of the tech blog Gizmodo, which made headlines by nabbing an iPhone 4 way before its official release.
Only those with 3G iPads were struck. Here’s a condensed list of victims, courtesy of The New York Times:
- Military personnel
- The Senate
- The House
- The Justice Department
- The New York Times Company
- Dow Jones
- Condé Nast
- Time Warner
- The News Corporation
Celebrities such as Diane Sawyer also stomached the blow.
Valleywag points out that the e-mail list includes people privileged enough to receive an iPad prior to its wide release. This is not to say average iPad owners were not affected — that information cannot be confirmed.
Who’s to Blame?
First and foremost, it’s pretty clear that AT&T shoulders most of the responsibility for this incident, and the company admits as much. “We apologize that this happened. Nothing is more important to us. It’s the No. 1 priority, protecting customer privacy,” AT&T spokesperson Mark Siegel told CNET. Another AT&T spokesperson sponged blame from Apple’s corner by saying, “This is an AT&T issue … and people should feel comfortable using their iPads.”
Valleywag editorializes that Apple should share the blame. AT&T has an exclusive lock on the iPad’s 3G connectivity, and because of this, Valleywag believes that “Apple has a pronounced responsibility to patrol the network vendors it chooses to align and share customer data with.” That’s shaky ground to stand on since it’d be extremely taxing for a company as big as Apple to parse AT&T’s Web sites looking for security holes.
Aside from apologetic promises to inform customers who were impacted, AT&T hasn’t said much, and Apple hasn’t uttered a word to any news organization.
The FBI’s blurb was also succinct: “The FBI is aware of these possible computer intrusions and has opened an investigation,” FBI spokesperson Katherine Schweit told The Wall Street Journal. “It’s very early in the investigation,” Schweit adds.
Some may distrust and blame Goatse for its involvement, but in an interview with CNET, Escher Auernheimer, a key member of Goatse, defended the group’s participation, calling it an investigation in the public’s interest. “So I think it was necessary to inform the public in this particular manner. I know some people are criticizing us and calling it irresponsible, but we did our best effort to be good guys about it. We waited until the hole was patched. We didn’t disclose the data except to a reporter who agreed to censor the relevant bits. We felt it was in the public’s best interest,” Auernheimer said.
What’ll Happen to Apple’s Relationship with AT&T?
This public failure certainly won’t bode well for Apple and AT&T. Though reports suggest that AT&T has an exclusive on Apple’s iPhone until 2012 (despite rumors of an upcoming T-Mobile iPhone), and, currently, AT&T is the only mobile data provider for the iPad, the relationship may already be headed towards “I’m just not that into you” territory. At this year’s D8 conference, Steve Jobs delivered a sly dig at AT&T’s widely-loathed network. Jobs also experienced multiple connectivity failures at the unveiling of the iPhone 4, and though those were related to Wi-Fi signals, that didn’t stop an audience member from shouting “Verizon!”
No matter how you spin it, the AT&T iPad data leak is a festering black eye for the mobile carrier, and Apple may begin distancing itself to save its own reputation. Without its Apple exclusives, AT&T may have a tougher time weathering the storm.