© The Financial Times Ltd 2016 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
June 10, 2010 1:59 am
The US telecoms company refused to comment, however, on claims by a security outfit called Goatse Security that it had been able to use the flaw to obtain information about 114,000 iPad owners.
AT&T’s admission about the embarrassing security glitch came after the Valleywag internet blog published Goatse’s claims that it had obtained personal e-mail addresses, as well as the unique codes, known as ICC-ID numbers, of the SIM cards inside iPads running on the AT&T network.
AT&T confirmed that the vulnerability exposed these two types of information, though it said it was still investigating the claims of a security breach. It said it had been informed of the vulnerability by a business customer on Monday, and that the problem had been “escalated to the highest levels of the company”.
It added that it had “corrected’ the problem on Tuesday after it “essentially turned off the feature that provided the e-mail addresses”, though it refused to give further details.
Goatse claimed to have used a so-called “scripting” attack to gather information about AT&T’s iPad customers. This is a common method for hackers to penetrate websites; such attacks involve planting code on a site that can then track sensitive information about other users.
Copyright The Financial Times Limited 2016. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in