Don't blame Apple for AT&T's security ineptitude
As we reported last night, a technology tabloid has published a sensationalist article blaming Apple for AT&T's security problems. Email addresses and the "ICC-ID" of 3G iPad users were compromised due to a flaw in AT&T's servers. Some prominent people in business and government had their email addresses exposed. These email addresses were stored on AT&T's computers.
So why is this Apple's fault? Because Apple has teamed up with AT&T, and therefore -- through the transitive power of magical thinking coupled with a deep desire for web traffic and Digg hits -- Apple is responsilbe for ensuring that AT&T doesn't make any mistakes. Apple is supposed to "patrol" AT&T's network.
Did you follow that logic?
Imagine if you go to the Department of Motor Vehicles and get yourself a driver's license. The DMV requires that you put your address on your license, and they require that your car be registered with the Registry of Motor Vehicles. Now let's assume that the people at the DMV are very smart people, and very security conscious. Let's further assume that the people at the Registry of Motor Vehicles are nimrods who forget to lock their doors, and one night someone breaks in and steals all of their records.
Are you going to go to the DMV and blame them for this? Unless you've been dropped on your head, the answer is "of course not." You are going to blame the RMV.
The only exception might be if the people at the RMV are so notoriously inept that you know anyone who hears this story is going to roll their eyes and say, "Of course those idiots did it again." No one is going to pay any attention to that. But if you blame the DMV, who have a reputation for being very smart people, oh, then you might get people's attention.
Look, we all know what this is, right? A website offering wild interpretations of the facts in order to get attention.
What is the actual damage done? The exposure of the ICC-ID numbers has no demonstrated risk associated with it. A lot of email addresses were exposed. A bunch of people are wishing that they had used their Gmail addresses instead of their actual work addresses. Is there a rational expectation that anything worse will happen?
Look, I'm happy to criticize Apple's choice of AT&T. I'd be glad to see the iPhone and iPad available on several different networks in the USA. Competition would lower rates, not to mention spreading out iPhone and iPad users among several carriers would ease the bandwidth burden. But let's not forget that Apple got AT&T to agree to host the iPad without a contract. That's still a very big deal, and will have a much better long-term effect, not only in the USA but across the world.
"AT&T screwed up" is a "dog bites man" headline. "Apple screwed up" is a "900+ Digg/4300+ retweet" headline.
Don't believe the hyperbole.
Share
Categories
As we reported last night, a technology tabloid has published a sensationalist article blaming Apple for AT&T's security problems....
Add a Comment
Yeah, except for the fact that people are Actually blaming Apple for the separate and unrelated Safari overflow exploit that Apple still hasn't patched on the iPhone (which has nothing to do with the Other iPhone-related security issue caused by AT&T you mention). But your reality is nice too.
And I definitely hear a fanboy alert going off somewhere. There are many news articles reporting Verizon was interested in the iPhone, but Apple wanted complete control of registration and technical support, and (most importantly) a bigger cut. In the end, Apple is a corporation like any other, and as the phrase "don't be evil" is nowhere to be found in their corporate guidelines, it all comes down to dollars and cents. AT&T was willing to give apple more money per iPhone customer, and that's probably because AT&T knew its wireless market share was bleeding clients to Verizon, and it knew it needed a last stand, so it was willing to whore itself out much more than Verizon (which probably didn't expecte the iPhone to be as revitalizing as it was). If Verizon had gotten the iPhone, AT&T Mobility would be practically non-existent by now (except for the sliver Verizon & competitors spare to prevent Monopoly suits).
I'm not surprised. Even the cases at Foxconn, a local newspaper here said: "Apple's employees suicide."...
June 10 2010 at 9:23 PM Report abuse Permalink rate up rate down ReplyWhen you recommend (or indeed force as Apple does) another company to be part of your service you need to be completely aware that their failings are going to be treated as yours.
Partners should be carefully selected to make sure their abilities align well with yours.
You can't just shrug off that responsibility. Can you imagine Dell shrugging off LCD failures because the part comes from Samsung? Or your auto manufacturer telling you to go see the tyre company it chose to fit as factory standard?
No.
Don't compare things with government departments - they have little in common with commerce.
There is a never so slightly difference between a UMTS carrier compared to LCD displays...
June 11 2010 at 6:08 AM Report abuse Permalink rate up rate down ReplyNot Apple's fault, agreed. But Apple have aligned so closely with the awful AT&T, they run the risk of damaging their brand when mistakes like this are made.
June 10 2010 at 3:36 PM Report abuse Permalink rate up rate down ReplyI guess you don't read the papers or watch TV, then.
June 10 2010 at 3:05 PM Report abuse Permalink rate up rate down ReplyGet real guys, big companies hold each other accountable for security all the time. ATT should know better and Apple should know better.
Both Apple and ATT should be in the hot seat for this because they both failed at doing the right thing. You should be thanking the guys at Goatse Security for even publishing that this happened, otherwise you'd never know because ATT/Apple are not likely to talk about something like this.
I own an iPhone, am a fan of Apple, and kind of neutral about AT&T. With that said, I feel that Apple is to blame for this as well as AT&T. Same as Apple checks every app in the app store, they should check and make sure what AT&T does will work.
This is similar to the BP oil spill in the Gulf. BP is getting all the blame, but they don't own the oil rig, nor did they do they work on the rig. There are many companies involved in the oil spill. BP is top in the chain, and should get most of the blame because they should have checked the work done by the companies they hired.
Apple should have checked the work done by AT&T.
For the AT&T fanboys.
Computerworld - The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a hack or a classic data breach, but a brute-force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.
According to New York-based Praetorian Security Group, which obtained a copy of the PHP script used to scrape e-mail addresses from AT&T's servers, the attack succeeded because the mobile carrier used poorly designed software.
There are AT&T Fanboys? O_O!
June 10 2010 at 2:22 PM Report abuse Permalink rate up rate down ReplyThanks, that was a real LOL moment. I've always found it amusing when someone trots out the "fanboy" term for a business that obviously doesn't have any. Apple obviously does. Microsoft? I've never met anyone that was an obsessive fan for Microsoft products. And I never in my life would have thought I'd see the words "AT&T" and "fanboy" in the same sentence. Seriously, I challenge you to find anyone that is even a mild fan of AT&T. It's like being a fan of your local power company or of an oil company. Some industries just don't engender loyalties in their customers.
June 10 2010 at 5:48 PM Report abuse Permalink rate up rate down ReplyAgreed. No one with at least two brain cells to rub together honestly finds Apple at fault here. Only sensationalist blogs fishing for page views. Way to add fuel to the fire and show just how mature you are. Calm down, no one is after Jobs' head for this. Now, the Google AdMob exclusion is a another thing...
June 10 2010 at 1:35 PM Report abuse Permalink rate up rate down ReplyIts def ATT's fault but jeez peeps. eeeeeasy
June 10 2010 at 1:27 PM Report abuse Permalink rate up rate down ReplyMy beef is geared more towards Gawker and Gizmodo (as if my avatar doesn't show my slant).
Gizmodo has proven time and time again they are not "journalists". What they pulled with the iPhone 4G and the $5,000 proves that (tabloid bloggerism).
So Apple goes after them (Gawker/Gizmodo) on a legal front and the best way they can find to fight back is by becoming a tabloid and posting articles leaning towards showing Apple in a bad light to the public.
Gizmodo and their parent company need to suck it up and admit they were in the wrong and quit dredging up stories to slant them to their needs.
sorry for the pontification
Hot Apps on TUAW
Deals of the Day
more deals- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
- Philips wOOx Alarm Clock Radio for Apple iPod / iPhone for $60 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
48 Comments