Skip to main content

Convenience is deadly – how the AT&T iPad hack worked

Matt Buchanon had a little conversation with AT&T security chief Ed Amororo on the hack.  It turns out that AT&T wanted to make logging into your 3G data plan dashboard a little easier on the iPad so they populated the email address based on the ICC-ID.  

Hackers effectively used a brute force technique to get the system to spit out email addresses.  As of now, the email populating system is turned off (above image).

Ol’ Ed might have some explaining to do.  While email addresses aren’t the biggest loss for their customers, AT&T should have known that they would be vulnerable with such a system.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Seth Weintraub Seth Weintraub

Publisher and Editorial Director of the 9to5/Electrek sites.


Seth Weintraub's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications