AT&T Breach - Worse than expected

[belvdr]

Picked this up on Slashdot, but here's the relevant article.

Honestly, this guy confuses me by some of the terminology but the security issues do not. If AT&T, T-Mobile, and Cingular are doing this, and I suspect they are, they are in a world of hurt. This isn't just about the iPad incident, but about an insecure architectural design, which could increase their network load, should they decide to fix it.

 

[FX120]

I am still cracking up every time I hear "****** Security" mentioned on the nightly news...

And I really laughed at this comment on SD: "This whole ordeal has turned out to be a real pain in the arse..."

 

[kdarling]

What that article mainly says is that ATT and T-Mobile to more or less directly correlate the public ICCID and the supposedly secret IMSI. And that the IMSI can be used to query a ton of information.

So even without the leak of email addresses, a hacker could make up random or targeted IMSIs and get all the info he wanted anyway, from the user's real name to phone number.

 

[benthewraith]

Picked this up on Slashdot, but here's the relevant article.

Honestly, this guy confuses me by some of the terminology but the security issues do not. If AT&T, T-Mobile, and Cingular are doing this, and I suspect they are, they are in a world of hurt. This isn't just about the iPad incident, but about an insecure architectural design, which could increase their network load, should they decide to fix it.

AT&T has 114,000 SIM cards to replace? It sounds like this vulnerability extends to the iPhone as well, or just about any SIM phone.

 

[thejadedmonkey]

ouch...