FBI investigates Goatse's harvesting of iPad users’ e-mail addresses

The US Federal Bureau of Investigation (FBI) is looking into whether security researchers broke the law in conducting tests that exposed an iPad security flaw.

The researchers from Goatse Security were able to access the e-mail addresses of 114,000 users of the 3G iPad because of a flaw in the website of iPad US carrier AT&T.

Goatse Security found a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries.

The group wrote an automated script to repeatedly query the site and harvest the addresses of iPad users in the US, including top company executives, government officials and military officers.

The FBI is investigating how private information about iPad users was compromised and whether the actions of the researchers constitute a crime, according to US reports.

US law prohibits the unauthorised access of computers, but it is unclear whether the script used by Goatse Security qualifies.

Goatse Security maintains there was no illegal activity or unauthorised access involved and said in a blog post that although it did not contact AT&T directly, it made sure the company was tipped off.

The security vulnerability was fixed before it was publicised, all the private user information gathered was destroyed, and no remuneration was received, the group said.

"This disclosure needed to be made. iPad 3G users had the right to know that their e-mail addresses were potentially public knowledge so they could take steps to mitigate the issue (like changing their e-mail address). This was done in service of the American public," the group said.

According to Goatse Security, there was no breach, intrusion or penetration because all data was gathered from a public webserver with no password, accessible by anyone on the Internet.

“The FBI is aware of these possible computer intrusions and have opened an investigation to address the potential cyber threat,” FBI spokesman Jason Pack told Reuters.

AT&T, which launches the iPhone 4 on 24 June, said only e-mail addresses were exposed to hackers who identified a security weakness. It said it has corrected the flaw, but declined to comment on the FBI probe.
