AT&T Breach May Be Worse Than Initially Thought

AT&T Breach May Be Worse Than Initially Thought 102

Posted by Soulskill on Monday June 14, 2010 @05:47PM from the i-smell-class-action dept.

ChrisPaget writes "I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon (M4V) and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences, such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T has 114,000 SIM cards to replace and some nasty architectural problems to fix." Reader tsamsoniw adds that AT&T has criticized the security group responsible for pointing out the flaw, while the group claims they did it 'as a service to our nation.'

AT&T Breach May Be Worse Than Initially Thought

This discussion has been archived. No new comments can be posted.

Search 102 Comments Log In/Create an Account

Comments Filter:

Phew (Score:1, Funny)

by Azureflare ( 645778 ) writes: on Monday June 14, 2010 @05:49PM (#32571480)

I'm glad I got the WiFi-only version!

Well (Score:3, Funny)

by Anonymous Coward writes: on Monday June 14, 2010 @05:50PM (#32571488)

I'm proud that Goatse Security revealed this gaping security hole.

Meanwhile on the Titanic.... (Score:4, Funny)

by SunSpot505 ( 1356127 ) writes: on Monday June 14, 2010 @06:10PM (#32571806)

"Captain, I discovered that the bulkheads that seal the ship in case of a hull breach actually stop several floors short, and could be compromised in the event of a major collision."

"How dare you point out a fatal flaw in our Honorable Engineer's design. Now that the Icebergs know this, they will surely attack our boat! You should have kept your dumb mouth shut"

"but..."

Re:Well (Score:5, Funny)

by Krondor ( 306666 ) writes: on Monday June 14, 2010 @06:35PM (#32572108) Homepage

The best part about that team revealing this, was hearing NPR / CNN / BBC and others say Goatse in their broadcasts. Priceless!

Re:ICCID = IMSI (Score:4, Funny)

by The Yuckinator ( 898499 ) writes: on Monday June 14, 2010 @07:13PM (#32572552)

There's a luggage joke in here somewhere but I can't find it.

Re:So THAT'S how they'll do it. (Score:3, Funny)

by cynyr ( 703126 ) writes: on Monday June 14, 2010 @07:20PM (#32572624)

you seem a bit young, remember the baby bells? leasing your phone from ATT/MaBell? Their logo looks like the deathstar for a reason.

Re:ICCID = IMSI (Score:5, Funny)

by NixieBunny ( 859050 ) writes: on Monday June 14, 2010 @09:03PM (#32573524) Homepage

The story says that not all carriers encode it like this; some might have used such advanced encryption techniques as ROT13.
I wonder if the folks who do network design at AT&T have any idea at all that their job is related to security.

Re:ICCID = IMSI (Score:1, Funny)

by Anonymous Coward writes: on Monday June 14, 2010 @10:22PM (#32574060)

A suitcase full of artificial penises walks into an airport.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

AT&T Breach May Be Worse Than Initially Thought 102

AT&T Breach May Be Worse Than Initially Thought More Login

AT&T Breach May Be Worse Than Initially Thought

Phew (Score:1, Funny)

Well (Score:3, Funny)

Meanwhile on the Titanic.... (Score:4, Funny)

Re:Well (Score:5, Funny)

Re:ICCID = IMSI (Score:4, Funny)

Re:So THAT'S how they'll do it. (Score:3, Funny)

Re:ICCID = IMSI (Score:5, Funny)

Re:ICCID = IMSI (Score:1, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot