Two Are Charged With Fraud in iPad Security Breach [New York Times]
Readers may remember that soon after the Apple iPad began shipping last year, hackers were able to breach an AT&T web site to retrieve thousands of email addresses of iPad owners who used AT&T's mobile network with their device. Now, the two hackers who are alleged to have perpetrated the hack have been arrested and charged with fraud and conspiracy.
According to the FBI, Daniel Spitler and Andrew Auernheimer are alleged to have discovered a security flaw in AT&T's web site that allowed them access to 114,000 email addresses of owners of iPads connected to AT&T's mobile network. The flaw allowed the hackers to fool the site into thinking an iPad user was connecting, when in fact it was the hackers who were able to retrieve the email address associated with the iPad user they were imitating.
Because the AT&T site authenticated iPad users with a unique number drawn from a set of sequential numbers, the hackers were able to access the site by simply plugging in the next sequential number. The AT&T site did not require any secure login credentials.
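A defensive sketch of the weakness described above, as an added example that is not part of the original article: it scans a request log for a client presenting many distinct, consecutive device identifiers, the pattern that identifier-only authentication over a sequential number space produces. The log layout, the `device_id` field name, the thresholds and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log of (client_ip, device_id) pairs; not real data.
# IPs come from documentation ranges, identifiers are made up.
SAMPLE_LOG = (
    [("198.51.100.7", n) for n in range(5000, 5006)]   # walks 6 consecutive ids
    + [("203.0.113.20", 7421)] * 3                     # one device, repeat visits
    + [("203.0.113.31", 9100), ("203.0.113.31", 3307)] # two unrelated devices
)

def longest_sequential_run(ids):
    """Length of the longest run of consecutive integers among distinct ids."""
    distinct = set(ids)
    best = 0
    for n in distinct:
        if n - 1 in distinct:
            continue  # not the start of a run
        length = 1
        while n + length in distinct:
            length += 1
        best = max(best, length)
    return best

def flag_enumeration(log, max_distinct=3, max_run=3):
    """Return {client: (distinct_ids, longest_run)} for suspicious clients.

    A legitimate client normally presents one identifier (its own device).
    Many distinct identifiers, or several consecutive ones, from a single
    client suggest the identifier space is being walked.
    """
    seen = defaultdict(set)
    for client, device_id in log:
        seen[client].add(device_id)
    flagged = {}
    for client, ids in seen.items():
        run = longest_sequential_run(ids)
        if len(ids) > max_distinct or run >= max_run:
            flagged[client] = (len(ids), run)
    return flagged

if __name__ == "__main__":
    for client, (count, run) in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct ids, longest consecutive run {run}")
```

Detection of this kind only limits the damage; the underlying fix is to require a credential the client cannot derive from the identifier itself.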
Each count that Spitler and Auernheimer are charged with carries a maximum five-year prison term and a $250,000 fine. While the hackers are alleged to have discussed selling the email addresses they obtained to spammers, reports indicate that they ultimately did not sell the addresses.