In July, 2010, a network security organization found that the US telecom operator, the only partner of Apple iPhone, iPad operator in United States, the website of AT&T had a security vulnerability, causing a large number of 3G version of iPad user information being leaked, including many financial, political and media celebrities. The total number of leaked user information was up to 114,000 copies which may contain the early release of the iPad version 3G iPad all users. Although AT&T has to take the main responsibility, Apple has to bear the corresponding responsibility. Analysts said that these e-mail accounts are mainly used to activate the iPad, since the need for users to provide such information, Apple has the responsibility to protect user privacy and security.
Technical Description …show more content…
With this script, any user can get a response of the associated e-mail address as long as the SIM card number is provided in the request sent to the server. Since Ipad has a built-in AT&T network SIM card and each SIM card carries an authentication number which is ICC-IDS, when this number was sent to the website of AT&T, the website would return the email address corresponding to the number provided. By knowing 3G version of the iPad SIM card number, you can easily guess the other card number, in order to obtain a large number of user information.
Technical Changes and Improvements
What AT&T has done was to escalate the level of this incident to the highest level and turned off the feature of providing the E-mail address related with ICC-IDS. Meanwhile, the customers of AT&T were notified that their information was leaked due to the vulnerability.