Hacker group: Apple iPad 'simply not a safe platform'

Goatse Security defends decision to publicize hole in AT&T's Web site in the name of national security

Apple's reputation for security continues to take hits as hacker group Goatse Security today accused the company of failing to patch a flaw in Safari -- known since March -- and rendering iPads susceptible to active exploits in the hundreds, if not thousands.

The disclosure appeared in a blog post by Goatse Security group member Escher Auernheimer; he further lashed back at AT&T in its criticism of Goatse's decision to publicize the vulnerability that exposed iPad users' email addresses.

[ Also on InfoWorld.com: The AT&T leak is no big deal -- really | The FBI is investigating the iPad email leaks as a potential cyber threat. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

According to Auernheimer, Goatse Security released an overflow exploit for Safari back in March. Apple patched the vulnerability for the desktop, but not for the iPad: "This bug we crafted allows the viewer of a Web page to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks, and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system. We released this in March, mind you, and Apple still hasn't got around to patching this on the iPad!" Auernheimer wrote.

Auernheimer concludes that Apple's failure to patch the vulnerability has given hackers an opportunity to develop hundreds, if not thousands, of active iPad exploits, which means "the iPad simply is not a safe platform for those that require a secure environment."

That led to the group's decision to reveal the hole in AT&T's Web site, which Auernheimer said the group did in the name of national security. Auernheimer reasoned that AT&T was not moving quickly enough to protect iPad users, which include high-profile military leaders, politicians, and CEOs.

"When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare," Auernheimer wrote. "We understand that good deeds many times go punished, and AT&T is trying to crucify us over this."

This article, "Hacker group: Apple iPad 'simply not a safe platform'," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform