Interesting People mailing list archives
AT&T-iPad security breach may be worse than first thought
From: David Farber <dave () farber net>
Date: Wed, 16 Jun 2010 10:05:29 -0400
Begin forwarded message:

From: Monty Solomon <monty () roscom com>
Date: June 15, 2010 10:44:29 PM EDT
To: undisclosed-recipient:;
Subject: AT&T-iPad security breach may be worse than first thought

AT&T-iPad security breach may be worse than first thought
By Peter Bright
Ars Technica

Researchers looking into the security of GSM phone networks are suggesting that the recent breach, which saw tens of thousands of e-mail addresses and ICC-IDs inadvertently disclosed by AT&T, could have far more significant implications than a bit of extra spam: attackers can use the information to learn the names and phone numbers of the leaked users, and can even track their position.

The problem is that ICC-IDs - unique serial numbers that identify each SIM card - can often be converted into IMSIs. While the ICC-ID is nonsecret - it's often found printed on the boxes of cellphone/SIM bundles - the IMSI is somewhat secret. In theory, knowing an ICC-ID shouldn't be enough to determine an IMSI. The phone companies do need to know which IMSI corresponds to which ICC-ID, but this should be done by looking up the values in a big database.

In practice, however, many phone companies simply calculate the IMSI from the ICC-ID. This calculation is often very simple indeed, being little more complex than "combine this hard-coded value with the last nine digits of the ICC-ID." So while the leakage of AT&T's customers' ICC-IDs should be harmless, in practice, it could reveal a secret ID.

...

http://arstechnica.com/security/news/2010/06/atts-ipad-security-breach-could-be-worse-than-initially-thought.ars