Convenience is deadly – how the AT&T iPad hack worked

Matt Buchanan had a little conversation with AT&T security chief Ed Amoroso about the hack. It turns out that AT&T wanted to make logging into your 3G data plan dashboard a little easier on the iPad, so they populated the email address based on the ICC-ID.

Hackers effectively used a brute force technique to get the system to spit out email addresses.  As of now, the email populating system is turned off (above image).

Ol’ Ed might have some explaining to do.  While email addresses aren’t the biggest loss for their customers, AT&T should have known that they would be vulnerable with such a system.
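An added example, not from the original post or from AT&T: a minimal server-side check for the kind of identifier guessing described above, counting how many distinct ICC-IDs each client asks about within a short window. The log format, client addresses, ICC-ID values and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed log lines: '<ISO time> <client> <iccid> <hit|miss>'.
    Every value here is made up for the example."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # A normal device: looks up its own ICC-ID a few times over an hour.
    for i in range(4):
        t = base + timedelta(minutes=15 * i)
        lines.append(f"{t.isoformat()} 192.0.2.10 89014100000000000017 hit")
    # A guessing client: a different ICC-ID every second, mostly misses.
    for i in range(40):
        t = base + timedelta(seconds=i)
        iccid = str(89014100000000001000 + i)
        result = "hit" if i % 8 == 0 else "miss"
        lines.append(f"{t.isoformat()} 198.51.100.7 {iccid} {result}")
    return sorted(lines)  # ISO timestamps sort chronologically


def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=10):
    """Return {client: peak number of distinct ICC-IDs inside one window}
    for every client that went over max_distinct."""
    recent = defaultdict(deque)  # client -> (time, iccid) pairs in window
    flagged = {}
    for line in lines:
        ts, client, iccid, _result = line.split()
        now = datetime.fromisoformat(ts)
        q = recent[client]
        q.append((now, iccid))
        # Drop lookups that have aged out of the sliding window.
        while q and now - q[0][0] > window:
            q.popleft()
        distinct = len({seen for _, seen in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for client, peak in find_enumerators(make_sample_log()).items():
        print(f"{client}: {peak} distinct ICC-IDs within 5 minutes")
```

A device that only ever asks about its own ICC-ID stays at a count of one, so a low threshold separates it cleanly from a client walking through the identifier space.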

Seth Weintraub

Publisher and Editorial Director of the 9to5/Electrek sites.