AT&T Breach May Be Worse Than Initially Thought
ChrisPaget writes "I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon (M4V) and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences, such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T has 114,000 SIM cards to replace and some nasty architectural problems to fix."
Reader tsamsoniw adds that AT&T has criticized the security group responsible for pointing out the flaw, while the group claims they did it 'as a service to our nation.'
But did the group not A) download all the data to detect that it could be done, B) warn AT&T, who immediately plugged the hole, C) send a small sample to a journalist which he censored to publish the story?
How has Goatsesecurity done anything they shouldn't have, EXCEPT draw attention to the fact that they were possibly not the first people to exploit the hole?
At the risk of being labeled an AT&T stooge, a better analogy would be, "Captain, I discovered that the bulkheads that seal the ship in case of a hull breach actually stop several floors short. I verified this by damaging the hull with an iceberg and observing that the water lapped over the bulkheads. That's why your feet are wet."
Goatse Security
Wait... is this correct?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Newsflash, CDMA is used all over the world. Europeans are embarrassed by the fact that their GSM's 3G is a complete ripoff of CDMA so they like to lie about it and trash it by saying only "backward Americans" use it.
GSM is used more because it got a foothold earlier, similar to Microsoft Windows. CDMA is used in most countries though. Despite its incompatibility with GSM, it is deployed in areas already served by GSM due to its technical superiority.
In fact, some European phone companies use it (for example netcologne and ice.net), an embarrassing fact many GSM fanboys would like to keep hidden.