Goatse Security, the company that discovered a vulnerability with AT&T’s network and the iPad 3G, has responded to the apology e-mail sent out to customers yesterday. In the e-mail, AT&T claimed that hackers went to great lengths in order to create vulnerabilities in which iPad 3G user locations could be identified, and their e-mail addresses determined. The response by Goatse Security can probably be best summed up by its own words, “You should thank us, but you can keep on shit-talking if you want. We know what we did was right.”
According to Goatse, AT&T was dishonest about the situation and would never have disclosed the security vulnerability had it not been made public by the security company. Not only was AT&T dishonest, but its claims about how the vulnerabilities were discovered and exploited were plain disingenuous. On top of that, the carrier claims that there was no genuine security risk and that only the most sophisticated of hackers could do anything with the ICCID or any of the other information gleaned from the hack.
Not so, according to Goatse. The company says that even a hack of a hacker can determine iPad 3G location based on the ICCID, and more sophisticated ones could do a lot more damage with the security flaw.
At this point, it appears as though AT&T is being less than truthful in order to keep iPad 3G customers from terror and panic, but there are ways to disclose the truth without doing so. The fact that it took several days for AT&T to disclose this to customers and apologize for it is disheartening. What gives? And while AT&T is busy blaming a security company, accusing it of malicious hacking and wrongdoing, the truth will come out once we find out whether the FBI thinks there was any illegal activity at all.
[Via: Goatse Security]