Editor’s note: This guest post is written by Kevin Mahaffey, CTO of Lookout Mobile Security.

The iPad security breach last week potentially exposed the emails of 114,000 AT&T customers, but that is not the only information that could have been discovered by clever hackers. iPad owners will be surprised to know that the data breach revealed far more personal and sensitive information than is generally known. Reports initially said only email addresses and ”ICC-ID numbers,” a seemingly unimportant identifier, were leaked. But those ICC-ID numbers reveal a lot about users, their identity and their location.

In fact, just a little fifth-grade math will allow you to turn the seemingly innocuous ICC-ID number into the more sensitive and generally protected “IMSI”—International Mobile Subscriber Identity. (You basically rearrange some digits). This number is unique to each SIM card and can be used to determine:

• a person’s approximate location—you could track them to see where they are in real-time
• a person’s associated phone number
• and, in some cases, a person’s physical address.

Security researcher Chris Paget goes into more technical detail on the security hole and how it can expose the personal information indicated above. Once you have the IMSI, you can get the phone number, which potentially exposes more data such as a subscriber’s address and physical location. Suffice it to say that this vulnerability reveals a far bigger security risk and presents a new challenge that carriers and device makers should address right away. Carriers need to clearly separate what is public and what is private. Public identifiers like ICC-ID should not allow someone to retrieve private information.

Cyber criminals or hackers would only need to do the same mathematical conversion that we are able to do to expose this highly personal information.

Crunchbase

• AT&T
• IPAD

Company: AT&T

Website: att.com

IPO: NYSE:T

AT&T is the largest provider of both local and long distance telephone services, and DSL Internet access in the United States and the second largest wireless service provider in the United States.

Learn more

Product: iPad

Website: apple.com

Company Apple

The Apple iPad, formerly referred to as the Apple Tablet, is a touch-pad tablet computer announced in January 2010, and released in April 2010. It has internet capabilities running on either WiFi or 3G, and offers an optional dock with a full size mechanical keyboard. The 3G is provided by AT&T, but comes unlocked with microsim cards on the GSM network. The 3G does not require a long-term contract. The iPad is a line of tablet...

Learn more