AT&T's Big iPad Problem

It's Apple week! We're examining the world's largest tech company from all angles. Stay tuned to Fool.com all week for full coverage.

By now, you've heard the news: a hacker cracked Apple's (Nasdaq: AAPL  ) iPad by exploiting a hole left open by AT&T (NYSE: T  ) . More than 100,000 email addresses were exposed, including those of journalists, movie producers, and government officials. The FBI is investigating the breach, and AT&T has apologized in a letter to customers, a copy of which you can find at the Boy Genius Report.

Read the letter for details of how the attack was executed. What matters to investors is that (a) an attack was attempted, and (b) that the hackers waited for the vulnerability to be fixed before publicizing it to the wider world.

And yet AT&T isn't exactly thanking the code ninjas at Goatse Security, who discovered the flaw. "The hackers deliberately went to great efforts with a random program to extract possible ICC-ID (i.e., a device-specific identifying number) and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity," wrote AT&T Chief Privacy Officer Dorothy Attwood in the letter to customers.

Translation: Thanks for showing the world just how vulnerable our network is, punks. Want to come kick our dog, too?

On one level, Atwood's response is understandable. The hackers didn't contact AT&T directly, choosing instead to advertise the problem over the blogosphere. The ensuing media frenzy has created PR trouble for both Apple and AT&T. Worried shoppers may now be more likely to consider iPad alternatives from Dell (Nasdaq: DELL  ) and Hewlett-Packard (NYSE: HPQ  ) than they had been a month ago.

But on another level, AT&T's response is like a Jedi mind trick. ("This vulnerability isn't as bad as you think it is, and it never would have happened if coffee-swilling hackers hadn't spent sleepless weeks banging on our network.")

Goatse hacker Escher Auernheimer writes in a rebuttal that AT&T had days to notify the public of the exploit but chose not to. "Post-patch, disclosure should be immediate– within the hour," Auernheimer writes.

He's absolutely right. AT&T blew it on disclosure. The former Ms. Bell needs to take a hard look at its policy for discussing breaches from this point onward. Because there will be more of them.

Which, interestingly, could be very good news for investors. It suggests Apple's products have achieved the sort of popularity Microsoft (Nasdaq: MSFT  ) has enjoyed for decades.

Hackers attacked Windows because it was popular, and there was a good business to be made poking holes in the operating system, Office, and the Internet Explorer browser. If hackers are getting giddy about the iPhone and iPad, it's because these devices are emerging as the Windows PCs of the Mobile Web. They'll cash in by closing exploits.

Apple knows it, too. It's why CEO Steve Jobs is so paranoid about Adobe's (Nasdaq: ADBE  ) Flash technology. Forget the hyperbole about Flash's propensity to pig out on memory; Jobs doesn't like it because, like other Adobe apps, it's a security risk. He needs the iPhone and iPad to appear as insulated as the Mac.

"Appear" is the key word there. Neither device is hacker-proof. The very act of connecting to a network creates risk. As investors, the best we can hope for is that Apple and AT&T encourage more outfits like Goatse to help them find and fix unseen vulnerabilities before the miscreants do.

In other words, AT&T, this is your wake-up call. Are you listening?

How vulnerable are the iPad and iPhone to hacker attacks? Tell us what you think using the comments section below.

Apple and Adobe are Motley Fool Stock Advisor selections. Google is a Motley Fool Rule Breakers recommendation. Microsoft is a Motley Fool Inside Value pick. Motley Fool Options has recommended a diagonal call position on Microsoft. Try any of our Foolish newsletter services free for 30 days.

Fool contributor Tim Beyers is a member of the Motley Fool Rule Breakers stock-picking team. He had stock and options positions in Apple at the time of publication. Check out Tim's portfolio holdings and Foolish writings, or connect with him on Twitter as @milehighfool. The Motley Fool is also on Twitter as @TheMotleyFool. The Fool's disclosure policy is feeling a quart low today.


Read/Post Comments (7) | Recommend This Article (5)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On June 15, 2010, at 2:26 PM, theHedgehog wrote:

    [quote]By now, you've heard the news: a hacker cracked Apple's (Nasdaq: AAPL) iPad by exploiting a hole left open by AT&T (NYSE: T).[/quote]

    I would just like to point out that this statement is not actually correct. It was the poorly designed (from a security standpoint) AT&T authentication system that was cracked, and not the iPad. The hackers used random numbers to spoof ipad serial numbers to access the AT&T site. This was an AT&T problem, not an Apple problem.

    Disclaimer: I do not own any Apple products, nor am I an Apple or AT&T employee.

  • Report this Comment On June 15, 2010, at 2:33 PM, XMFTom7 wrote:

    I'm just wondering how this hacker group got the reputation of being a "firm." They're gray hat at best, and they certainly aren't interested in the public good as much as they just garnering publicity for themselves.

    And their name and logo speaks volumes, I think, as to how serious the media should consider them. ;)

    Which is not to say that AT&T didn't handle this poorly, from the coding of the hole to the P.R. surrounding its discovery, but still, it's a tempest in a teapot at best when you think about the fact that Microsoft still has to release several bugfixes weekly to prevent hackers from exploiting holes in their flagship OS.

  • Report this Comment On June 15, 2010, at 3:00 PM, TMFMileHigh wrote:

    @theHedgehog -- Thanks for writing. I think it's clear from the entire text of the article, including the lede and headline, that this was an AT&T problem.

    @TMFTom7 -- True, these guys aren't saints, but do you know any hacker who is? Aren't all the legit hacker consultancies gray hat? Perhaps I'm being naive here, but I think this is a service Apple hasn't benefited from because hacking iProducts hasn't been much fun. That's changing, and that has implications.

    FWIW and Foolish best,

    Tim (TMFMileHigh and @milehighfool on Twitter)

  • Report this Comment On June 15, 2010, at 3:37 PM, XMFTom7 wrote:

    Your points are more than valid -- I just think that this particular hole was relatively inconsequential, but the media in general is giving these hackers a pass in a) referring to them as a consultancy or a firm (when they're clearly not), or b) not doing a little bit of digging as to who or what they are. Go to the hackers' main website, and then click on the link that supposedly reveals their "parent company."

    I'm simply flabbegasted that the press in general (not us, since it's outside the purview of investment-worthy news) sees more interest in milking the fear/uncertainty/doom news cycle for everything that can be gotten out of the AT&T and Apple brand names than in talking about who or what "Goatse Security" is, particularly since so many white hats basically wrote the exploit off as annoying at worst. I wonder how many of those news organization fact checkers hit the GS website and then clicked on the link to see who GS identifies themselves as a wholly owned subsidiary of... not many, I'll bet.

  • Report this Comment On June 15, 2010, at 3:41 PM, theHedgehog wrote:

    @Tim,

    There is this public misconception that since Microsoft is routinely hacked, then Apple and Linux are as well. There's also the idea that since much of Apple and all of Linux is open source then they're that much easier to hack. Finally, there it the belief, circulated by the uninformed media, that Apple and Linux haven't been hacked because there aren't enough customers to be bothered. Then, there are fear-monger stories like this one, that begin by stating that some Apple or Linux product has been hacked. I posted just to point out that it didn't happen, and that it's extremely unlikely to happen.

    cheers,

    Hedge

  • Report this Comment On June 15, 2010, at 4:15 PM, TMFMileHigh wrote:

    @Hedge,

    Thanks for clarifying.

    >>There is this public misconception that since Microsoft is routinely hacked, then Apple and Linux are as well.

    I think the opposite is true; the public perception is that Apple and Linux haven't been hacked because hackers can't be bothered with these systems. I agree with you that this perception is more myth than fact.

    But I also don't think it wouldn't be fair to sweep aside legit security concerns like this one. The iPhone has also suffered breaches. Here's an example:

    http://www.fool.com/investing/general/2010/06/03/cupertino-w...

    For a variety of reasons, Macs have proven to be reasonably secure over the years. We can't yet say the same about the iPad and iPhone.

    FWIW and Foolish best,

    Tim (TMFMileHigh and @milehighfool on Twitter)

  • Report this Comment On June 16, 2010, at 8:07 AM, TMFMileHigh wrote:

    Well, lookie here:

    >>But I also don't think it wouldn't be fair to sweep aside legit security concerns like this one.

    (Sigh.)

    This, Fools, is what happens when you write comments quickly, without the aid of that brain booster known as caffeine. What I should have said was:

    >>But I also think it wouldn't be fair to sweep aside legit security concerns like this one.

    Humbly,

    Tim (TMFMileHigh and @milehighfool on Twitter)

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 1209004, ~/Articles/ArticleHandler.aspx, 11/25/2014 11:30:24 PM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement