It's Apple week! We're examining the world's largest tech company from all angles. Stay tuned to Fool.com all week for full coverage.
By now, you've heard the news: a hacker cracked Apple's (Nasdaq: AAPL) iPad by exploiting a hole left open by AT&T (NYSE: T). More than 100,000 email addresses were exposed, including those of journalists, movie producers, and government officials. The FBI is investigating the breach, and AT&T has apologized in a letter to customers, a copy of which you can find at the Boy Genius Report.
Read the letter for details of how the attack was executed. What matters to investors is that (a) an attack was attempted, and (b) that the hackers waited for the vulnerability to be fixed before publicizing it to the wider world.
And yet AT&T isn't exactly thanking the code ninjas at Goatse Security, who discovered the flaw. "The hackers deliberately went to great efforts with a random program to extract possible ICC-ID (i.e., a device-specific identifying number) and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity," wrote AT&T Chief Privacy Officer Dorothy Attwood in the letter to customers.
Translation: Thanks for showing the world just how vulnerable our network is, punks. Want to come kick our dog, too?
On one level, Atwood's response is understandable. The hackers didn't contact AT&T directly, choosing instead to advertise the problem over the blogosphere. The ensuing media frenzy has created PR trouble for both Apple and AT&T. Worried shoppers may now be more likely to consider iPad alternatives from Dell (Nasdaq: DELL) and Hewlett-Packard (NYSE: HPQ) than they had been a month ago.
But on another level, AT&T's response is like a Jedi mind trick. ("This vulnerability isn't as bad as you think it is, and it never would have happened if coffee-swilling hackers hadn't spent sleepless weeks banging on our network.")
Goatse hacker Escher Auernheimer writes in a rebuttal that AT&T had days to notify the public of the exploit but chose not to. "Post-patch, disclosure should be immediate– within the hour," Auernheimer writes.
He's absolutely right. AT&T blew it on disclosure. The former Ms. Bell needs to take a hard look at its policy for discussing breaches from this point onward. Because there will be more of them.
Which, interestingly, could be very good news for investors. It suggests Apple's products have achieved the sort of popularity Microsoft (Nasdaq: MSFT) has enjoyed for decades.
Hackers attacked Windows because it was popular, and there was a good business to be made poking holes in the operating system, Office, and the Internet Explorer browser. If hackers are getting giddy about the iPhone and iPad, it's because these devices are emerging as the Windows PCs of the Mobile Web. They'll cash in by closing exploits.
Apple knows it, too. It's why CEO Steve Jobs is so paranoid about Adobe's (Nasdaq: ADBE) Flash technology. Forget the hyperbole about Flash's propensity to pig out on memory; Jobs doesn't like it because, like other Adobe apps, it's a security risk. He needs the iPhone and iPad to appear as insulated as the Mac.
"Appear" is the key word there. Neither device is hacker-proof. The very act of connecting to a network creates risk. As investors, the best we can hope for is that Apple and AT&T encourage more outfits like Goatse to help them find and fix unseen vulnerabilities before the miscreants do.
In other words, AT&T, this is your wake-up call. Are you listening?
How vulnerable are the iPad and iPhone to hacker attacks? Tell us what you think using the comments section below.
