Add to del.icio.us     Digg this

August 16, 2010

Hackers have exposed a major security flaw about Apple's iPad and have now been questioned by a federal grand jury about the security issues, after publishing all the various and intricate details on an AT&T website dedicated for iPad users. The incident has generated a lot of coverage in the media in the last few days.

"Two Goatse analysts, Sloth and Rucas went before a grand jury on August 11," said Andrew Auernheimer, a key member of the hacker group that calls itself Goatse, wrote in an e-mail response to some questions.

Auernheimer and another member of the hacker group declined to give the real names of the individuals who were questioned or to provide additional information in any way, and still remains tight-lipped about the whole story.

Auernheimer, whose hacker handle is "weev," was arrested last June after FBI agents searching his Fayetteville, Ark., home for evidence related to the AT&T case allegedly found drugs.

Auernheimer didn't show up for a court hearing on the drug charges and was arrested on July 21st for failing to appear at the arraignment, said John Threet, a prosecutor in Washington County, Ark.

An arraignment date on all of the charges is set for August 23, Threet said.

The hacker group had gone public about a week earlier by posting an article about the iPad security issue on the AT&T website that exposed the e-mail addresses of about 114,000 iPad users and the serial numbers of the SIM (Subscriber Identity Module) cards in the devices.

This placed iPad users at increased risk of phishing attacks, as well as other potential attacks targeting the iPad specifically, security experts said.

The DoJ (Department of Justice) acknowledged that it and the FBI were conducting a full-fledged criminal investigation into the AT&T incident in a letter addressed to Auernheimer that he posted on the Web last month.

"You are a main target of that investigation," states the letter from U.S. Attorney Lee Vartan. "In the event that I do not hear from either you or an attorney acting on your behalf by June 30, I shall conclude that you do not wish to discuss this matter with my Office. Consequently, I will present evidence to a federal grand jury, which may result in you being named as a defendant in an indictment."

Bryan Travers, a spokesman in the FBI's office in Newark, N.J., which is leading the investigation, said he could not confirm or deny the information because he can not comment on an active case. The reluctance of law enforcement to discuss the investigation makes it difficult to independently verify information from the hacker group.

Auernheimer still insists that his group has done nothing illegal in the case.

"AT&T published private information for the world to see, essentially sticking their private diary on a shelf of the public library. The true extent of how responsible our disclosure was will come out in the trial if there is one."

In other mobile security news (but unrelated), Apple has released a security update that the company says will fix its iOS operating system to address a dangerous security flaw that was exposed by a new jailbreak process about 10 days ago.

So far, the newest iOS version 4.0.2 is the second update to be released by Apple in as many months, and some wireless industry observers say it won't be the last. The first update directly addressed an issue that Apple claimed to have discovered while investigating issues with the antenna design on the iPhone 4.

Before that update, Apple's mobile devices were indicating a signal strength much greater than they were actually receiving. Remember the big antenna problem on the iPhone 4?

Overall, the new jailbreak approach exploited a critical security flaw in Apple's PDF-viewing engine and, by extension, alerted Apple to a significant issue with its proprietary PDF rendering engine.

While Apple routinely rolls out security updates to its iOS to address all kinds of various issues and introduce new features to the phone, it appears to address jailbreaking much more urgently, and usually takes this is a serious matter than needs to be addressed and fixed rapidly.

And so far, it seems to have done just that.

The latest security update is equally limited in scope. It only address the PDF security issue, or as Apple put it, the update "fixes security vulnerabilities associated with viewing malicious PDF files on the iPhone."

But in other iPhone-related news, some observers have reported that the long-delayed white iPhone 4 won't be making an appearance in the U.K. until the end of 2010.

When Steve Jobs addressed the white iPhone delays during a botched up press conference in July, he said the lighter-colored variant of the iPhone 4 would be shipping by the end of July.

But barley a week later, Apple had announced that the white models were being delayed once again, this time with an ambiguous target date of "later this year."

The iPhone 4 seems to have had more than its own share of issues since it came out about 6 to 7 weeks ago, and the press and media continue to cover the device very closely.

Steve Jobs' policy of defending the iPhone 4 will stay in place through the end of September, at which he said there might be a better solution or, more likely, the fervor over “Antenna Gate” as he referred to it, will have died down.

A lot could be hanging on that statement in light of reports that Apple knew about the problem well before launch. But again, just to be sure, Jobs called those reports a “crock.”

There is at least one key piece of evidence countering that claim though. Why, after three previous iPhone launches, did Apple decide to manufacture bumper cases (thin bands that only cover the exterior antenna, thereby avoiding contact with the user) for this iPhone?

Until the iPhone 4, Apple left cases and essentially every other add-on product for its iPhones to third-party manufacturers. Is it possible that Apple had the 'bumpers' manufactured even prior to the iPhone 4 launch, just in case.

Add to del.icio.us     Digg this

Source: The U.S. Department of Justice.