Interesting People mailing list archives

AT&T-iPad security breach may be worse than first thought


From: David Farber <dave () farber net>
Date: Wed, 16 Jun 2010 10:05:29 -0400



Begin forwarded message:

From: Monty Solomon <monty () roscom com>
Date: June 15, 2010 10:44:29 PM EDT
To: undisclosed-recipient:;
Subject: AT&T-iPad security breach may be worse than first thought


AT&T-iPad security breach may be worse than first thought

By Peter Bright
Ars Technica

Researchers looking into the security of GSM phone networks are
suggesting that the recent breach, which saw tens of thousands of
e-mail addresses and ICC-IDs inadvertently disclosed by AT&T, could
have far more significant implications than a bit of extra spam:
attackers can use the information to learn the names and phone
numbers of the leaked users, and can even track their position.

The problem is that ICC-IDs -- unique serial numbers that identify each
SIM card -- can often be converted into IMSIs. While the ICC-ID is
nonsecret -- it's often found printed on the boxes of cellphone/SIM
bundles -- the IMSI is somewhat secret. In theory, knowing an ICC-ID
shouldn't be enough to determine an IMSI. The phone companies do need
to know which IMSI corresponds to which ICC-ID, but this should be
done by looking up the values in a big database.

In practice, however, many phone companies simply calculate the IMSI
from the ICC-ID. This calculation is often very simple indeed, being
little more complex than "combine this hard-coded value with the last
nine digits of the ICC-ID." So while the leakage of AT&T's customers'
ICC-IDs should be harmless, in practice, it could reveal a secret ID.

...

http://arstechnica.com/security/news/2010/06/atts-ipad-security-breach-could-be-worse-than-initially-thought.ars 
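
An operator-side check for the weakness the article describes, added here as an example (not code from the article or from any carrier): it tests whether every IMSI in a provisioning export is one constant prefix plus digits copied from a fixed position in its ICC-ID. The function names, the 6-10 digit search range and all sample identifiers are assumptions constructed for illustration.

```python
# Constructed (ICC-ID, IMSI) pairs; these are not real subscriber identifiers.
WEAK = [    # IMSI = fixed prefix + last nine digits of the ICC-ID
    ("8900100004123456789", "001010123456789"),
    ("8900100007987654321", "001010987654321"),
    ("8900100002555000111", "001010555000111"),
]
STRONG = [  # IMSI assigned independently and kept in a lookup table
    ("8900100004123456789", "001010704418203"),
    ("8900100007987654321", "001010316629950"),
    ("8900100002555000111", "001010882047561"),
]

def find_mapping(records, tail_len=9):
    """Return (prefix, offset) when every IMSI is the same prefix followed by
    tail_len digits found at one fixed end-relative offset in its ICC-ID;
    return None when no such rule fits all records."""
    if not records:
        return None
    prefixes, offsets = set(), None
    for iccid, imsi in records:
        prefix, tail = imsi[:-tail_len], imsi[-tail_len:]
        prefixes.add(prefix)
        # End-relative positions tolerate 19- and 20-digit ICC-IDs in one export.
        hits = {i - len(iccid) for i in range(len(iccid) - tail_len + 1)
                if iccid[i:i + tail_len] == tail}
        offsets = hits if offsets is None else offsets & hits
        if len(prefixes) > 1 or not offsets:
            return None  # prefix varies, or the digits are not copied
    return prefixes.pop(), max(offsets)

def audit(records, lengths=range(6, 11)):
    """Try several tail lengths; map each length that fits to its rule."""
    found = {}
    for n in lengths:
        rule = find_mapping(records, n)
        if rule:
            found[n] = rule
    return found

if __name__ == "__main__":
    for name, data in (("WEAK", WEAK), ("STRONG", STRONG)):
        rules = audit(data)
        print(name, "derivable from ICC-ID:" if rules else "no fixed rule found", rules)
```

An offset of -9 means the copied digits are the last nine of the ICC-ID; an empty result means only that no rule of this one shape fits, not that the allocation is unpredictable.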





