Gawker.com is running a story called "Apple's Worst Security Breach: 114,000 iPad Owners Exposed," in which they act like the sky is falling over a vulnerability discovered on the AT&T network. While the blog post sensationalizes the breach, it seems all that was actually exposed were the email addresses and the ICC-IDs of iPad devices. AT&T says it has already closed the vulnerability in its network that permitted Goatse Security to access the information, and also commented that the company that discovered the security gap did not contact AT&T. While Goatse Security seemed concerned that the information could be used to spoof a device on the network or intercept data, other security experts contacted by Gawker did not see any security risk in the disclosure of the ICC-ID.
According to an article on Forbes.com, an "internet activist" who goes by the name of "Weev" says he alerted the press organizations affected by the breach but was ignored. A copy of the email he sent to the news organizations appears at the end of the Forbes article. While I don't know if his email went into their spam filters without being read or if they ignored his message because they didn't consider it newsworthy, it seems that few people consider this security breach significant except Weev.
While the story is getting a lot of coverage in the blogosphere, the reaction of knowledgeable bloggers is that the issue is overblown. The worry that iPad users are vulnerable to spam marketing is almost laughable, considering the amount of spam all email users receive every day. As Prince McLean said in a post on AppleInsider.com, "Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us." Even Gizmodo itself concedes in another blog post called "Should I worry about the iPad + AT&T security breach? (Probably not)" that there is really no risk to iPad users from this breach, and that the only issue is that AT&T did not properly protect user privacy.
To learn how Goatse Security accessed the iPad data on AT&T's network, read "The Little Feature That Led to AT&T's iPad Security Breach" on Gizmodo. For some thoughts on the iPad's relation to enterprise security, see Larry Walsh's article "Lessons from the AT&T/iPad Hack" on ChannelInsider.com. And to read about the FBI investigation of Goatse as a result of their hacking into the AT&T data, read "FBI Investigates iPad Security Breach, Goatse Security Defends Itself."
Does this data breach make you more concerned about using the iPad in your law practice, or is Goatse Security making a big issue over nothing? Share your thoughts in the Comments section below.