Escher Auernheimer, a member of the security group Goatse Security, has posted a public response to AT&T’s customer email regarding the recent exposure of over 100,000 customer emails and SIM ICC-ID numbers. He claims that if the group and the third parties had not exposed the security hole, AT&T “would have never fixed” the problem, and that the company “had plenty of time to inform the public” about the problem before Goatse went public but did not. He also points out that the potential for exploitation of other vulnerabilities still exists.
“AT&T is not highlighting the potential for a skilled attacker to use a Safari exploit, or other iPad application exploit based on this dataset to takeover the iPad,” Auernheimer said. “A complete list of iPad 3G customers (which could have been generated from this vulnerability) would have the ideal bit of data for those in the RBN with zero-day Safari exploits to acquire.”
Editor’s Note: Although it’s not prevalent, there is a small amount of foul language towards the end of Auernheimer’s post, making it possibly NSFW.