Apple iPad Users Are Still a Target for Hackers

Apple uses the AT&T wireless network on its iPhone, iPad, and other mobile devices. When a computer experts group named Goatse Security was able to obtain 114,000 e-mail addresses and AT&T SIM card serial numbers (termed integrated circuit card identifications, or ICC-IDs) from Apple iPad 3G users through a public log-in site, people panicked over hackers being able to break into AT&T network devices. AT&T responded to the perceived threat by issuing a public statement wherein the company declared that "hackers" had "maliciously" captured customer ICC-IDs and e-mail addresses from a customer log-in web site page (1). These e-mail addresses were then distributed to an online reporter for publicity purposes. AT&T also reported that it acted swiftly to remove the security threat; within hours, the customer log-in page required the user to enter additional information to which the "hackers" would not normally have access (2).

AT&T offered to replace SIM cards for any iPad users who felt that their security had been breached. Goatse Security also assured people affected by the AT&T security loophole that their e-mail addresses and SIM card information had since been destroyed (1). However, despite assurances by both AT&T and Goatse to the contrary, the fact remains that pertinent customer information was obtained by a third party. While e-mail addresses can be deleted permanently, SIM card information, which contains the ICC-IDs, is another matter altogether.

An ICC-ID is the 19- or 20-digit serial number on the SIM card, which is the chip that facilitates wireless communication. That serial number is typically written on the SIM card itself. Many devices carry SIM cards, including cellular phones, computers, and of course, the iPad. However, the ICC-ID is more than just a chip identifier. When some of the numbers of the ICC-ID are rearranged, they provide another number, the (usually) 15-digit International Mobile Subscriber Identity (IMSI) number.

The IMSI functions much like a person's social security number and is one way by which service and network providers track customer billing addresses. Knowing a customer's IMSI provides a wealth of information about that person, including his or her name, address, and telephone number. The IMSI can also display where a customer's wireless device is located on the area network, down to the city level.

IMSI numbers can be useful for law enforcement officials who wish to track and identify suspects or make arrests. Police require a court order in order to obtain this information, and will then work directly with the wireless network, using the IMSI number database, in order to track suspects and criminals and obtain their names, addresses, and telephone numbers.

However, hackers who obtain IMSI numbers can use them to query subscriber databases as well (3). This is easy to do if the hacker has a cohort working at a company with access to what are known as SS7 networks. These networks help route and connect calls, and are often used by text messaging firms, mobile service retailers, or general marketing firms. While most of these marketers do not have full access permission into the SS7 network, it would not be difficult for a hacker to go around those blocks and gain access. With the IMSI number in hand, that hacker could then use the SS7 network to not only find out an individual subscriber's personal information and whereabouts, but he or she could gain access to the entire subscriber database as well.

Unfortunately, service providers including AT&T carry ICC-ID numbers that are too easily rearranged into IMSI numbers (4). As the recent security breach at AT&T has shown, it is only too easy for someone with a little bit of computer savvy to easily gain access to customer records and even whereabouts.

References:

1. AT&T: iPad hackers' actions done 'maliciously' http://www.msnbc.msn.com/id/37694308/ns/technology_and_science-tech_and_gadgets/

2. AT&T Explains iPad Security Breach http://bits.blogs.nytimes.com/2010/06/13/att-explains-ipad-security-breach/

3. AT&T-iPad breach could be serious after all http://gcn.com/articles/2010/06/29/att-ipad-breach-more-serious.aspx

4. SIMs and Salsa, by Lee Reiber, Mobile Forensics, Inc. http://www.mfi-training.com/forum/paper/SIM&Salsa.pdf