Here is the script referenced in the Gawker story from earlier that describes how a number of early iPad 3G subscribers, including names like Harvey Weinstein, Michael Bloomberg, Diane Sawyer, and Rahm Emanuel had their e-mails revealed via a poorly designed web application hosted by AT&T.
Goatse Security, named for the famous Internet shock image, wrote the script to harvest e-mail addresses by providing ICC-ID numbers (integrated circuit card identifier, a number that associates a SIM card with a subscriber) and parsing the returned e-mail address.
After I spoke with Goatse Security member Weev, he was kind enough to share the script:
There are probably a few things worth pointing out. They had to set the user-agent string to that of the iPad, as shown:
The vulnerable URL at att.com was:
https://dcp2.att.com/OEPClient/openPage?ICCID=Insert number here&IMEI=0
And that’s it: an e-mail address gets returned in the successful iterations (an active ICCID) and parsed. There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns an e-mail address when an ICCID is passed to it.
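The pattern just described, a single client walking through ICCID values against the openPage endpoint, is easy to spot server-side. The following is an added detection example, not part of the original post or of the Goatse script; the log format, IP addresses, ICCID values and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (hypothetical format: client IP,
# request line, HTTP status). ICCIDs are made-up numbers; 200 stands for
# "an e-mail address was returned", 404 for an unknown ICCID.
SAMPLE_LOG = """\
198.51.100.7 "GET /OEPClient/openPage?ICCID=8901410420000000001&IMEI=0" 200
198.51.100.7 "GET /OEPClient/openPage?ICCID=8901410420000000002&IMEI=0" 404
198.51.100.7 "GET /OEPClient/openPage?ICCID=8901410420000000003&IMEI=0" 404
198.51.100.7 "GET /OEPClient/openPage?ICCID=8901410420000000004&IMEI=0" 200
198.51.100.7 "GET /OEPClient/openPage?ICCID=8901410420000000005&IMEI=0" 404
203.0.113.9 "GET /OEPClient/openPage?ICCID=8901410429999999999&IMEI=0" 200
203.0.113.9 "GET /OEPClient/openPage?ICCID=8901410429999999999&IMEI=0" 200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "GET /OEPClient/openPage\?ICCID=(?P<iccid>\d+)[^"]*" (?P<status>\d{3})$'
)

def parse_log(text):
    """Yield (ip, iccid, status) for each line that hits the openPage endpoint."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), int(m.group("iccid")), int(m.group("status"))

def find_enumerators(text, min_distinct=3, min_sequential_ratio=0.5):
    """Return {ip: stats} for clients that look like they are iterating ICCIDs.

    Two signals: one client querying many distinct ICCIDs (a real iPad only
    ever asks about its own SIM), and those IDs being mostly consecutive,
    as a counter loop would produce them.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "iccids": set(), "hits": 0})
    for ip, iccid, status in parse_log(text):
        s = per_ip[ip]
        s["requests"] += 1
        s["iccids"].add(iccid)
        if status == 200:
            s["hits"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        ids = sorted(s["iccids"])
        if len(ids) < min_distinct:
            continue
        steps = [b - a for a, b in zip(ids, ids[1:])]
        seq_ratio = sum(1 for d in steps if d == 1) / len(steps)
        if seq_ratio >= min_sequential_ratio:
            flagged[ip] = {"distinct_iccids": len(ids), "requests": s["requests"],
                           "hits": s["hits"], "sequential_ratio": seq_ratio}
    return flagged
```

Running it on the sample flags only 198.51.100.7; the second client repeats a single ICCID, which is what a legitimate device does.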
Filed Under: Enumeration