Slashdot Mirror


AT&T Breach May Be Worse Than Initially Thought

ChrisPaget writes "I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon (M4V) and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences, such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T has 114,000 SIM cards to replace and some nasty architectural problems to fix." Reader tsamsoniw adds that AT&T has criticized the security group responsible for pointing out the flaw, while the group claims they did it 'as a service to our nation.'

2 of 102 comments (clear)

  1. Re:Of course by interval1066 · · Score: -1, Redundant

    "...send AT&T a nice big bill for their services and AT&T would promptly pay it with a note of thanks."

    What kind of world do you think we live in? A just one?

    --
    Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  2. Re:Well by mr_lizard13 · · Score: 0, Redundant

    I'm not. It's turning out to be a right pain in the arse.

    --
    "We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman