| 'Brute force' script - iPad 'hack' |
| Posted: JP @ Sun Jun 13, 2025 10:11 pm |
| ComputerWorld wrote: | 'Brute force' script snatched iPad e-mail addresses
'No hack, no infiltration, no breach,' say security experts, just sloppy AT&T software
The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a hack or a classic data breach, but a brute-force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.
According to New York-based Praetorian Security Group, which obtained a copy of the PHP script used to scrape e-mail addresses from AT&T's servers, the attack succeeded because the mobile carrier used poorly designed software.
A nine-person hacking group known as Goatse Security claimed responsibility for the script, which amassed 114,000 e-mail addresses.
"There's no hack, no infiltration, and no breach, just a really poorly-designed Web application that returns e-mail address when ICC-ID is passed to it," Praetorian said in a late Wednesday entry on its security blog.
An ICC-ID (Integrated Circuit Card Identifier) is the unique number assigned to each SIM card. A mobile device's SIM stores information that identifies the specific wireless customer to his or her carrier. The iPad 3G contains a SIM card.
Clik  |
|
| Comments: 2 :: View Comments (Post your comment) |
|
|
