Archive for the ‘Apple’ Category
The skinny on upgrading to the iPhone 4 (Q&A)
The new iPhone 4 unveiled Monday.
(Credit: James Martin/CNET)
The new Apple iPhone 4 goes on sale June 24th and eager fans are already trying to figure out how they can get their hands on the latest and greatest iPhone.
Apple CEO Steve Jobs called the iPhone 4.0, which is the fourth generation of iPhone, the “biggest leap since the original iPhone” was launched in 2007. The new device has a homegrown processor like the one used in the iPad and a bigger battery that offers up to seven hours of talk time, six hours of 3G browsing, and 300 hours of standby. It also comes with a new 5 megapixel camera that can record video in high-definition.
There’s also a camera situated on the front of the phone that can be used with Apple’s new FaceTime video chat application. The iPhone 4 will sport the latest iPhone operating system software, iOS 4, which includes a ton of new features, such as multitasking, a unified in-box, and conversation threading.
With all these new features and more, there’s no question that many existing iPhone, iPhone 3G, and iPhone 3GS users will be chomping at the bit to get a new iPhone 4 when it hits store shelves later this month.
But navigating the confusing world of carrier contracts and upgrade policies is no easy task. We contacted Mark Siegel, AT&T’s wireless spokesman, to get some answers about who is eligible to upgrade to the new phone. We also asked Siegel to clarify what type of new data plan is necessary for the new iPhone 4.
Last week, AT&T introduced new data plan pricing for all its smartphones. The company eliminated the $30 unlimited plan that was mandatory with the purchase of all iPhones. Instead, the company is offering two tiers of service: $15 for 200 megabytes of data per month and $25 for 2 gigabytes of data per month. Subscribers who exceed the 200MB on the $15 plan will get another 200MB for $15 a month. And those on the 2GB plan who exceed their monthly allotment will be charged $10 and will get an additional 1GB of data.
Below are some questions likely to be asked by those wishing to upgrade to the new iPhone 4 on AT&T’s network might have.
Q: Let’s say I already have an iPhone, but I still am on a contract for my previous iPhone. When am I able to upgrade to the iPhone 4 for the discounted price?
Siegel: iPhone customers eligible for an upgrade between now and the end of the year can get the discounted price on the device. We’ve accelerated upgrade eligibility for iPhone customers so they can experience the new device as soon as possible.
So this means I can get the 16GB for $199 and the 32GB for $299, correct?
Siegel: Correct.
During the keynote Jobs said that if your contract ends any time during 2010, you can get a new iPhone 4 for the discounted price if you re-sign a new contract. Is this true?
Siegel: If you are an iPhone customer who is upgrade-eligible this year, you can get the best price. Eligibility may or may not coincide with the end of your contract. It depends on your individual situation.
Will this extend my contract another two years from the new purchase date?
Siegel: Yes, when you upgrade, you will start a new two-year contract.
If I am upgrading from an iPhone to an iPhone 4, will I need to subscribe to one of the new data plans AT&T announced last week, or can I still keep the unlimited plan I had with my previous iPhone?
Siegel: If you want to keep the $30 unlimited data plan, you can.
Let’s say my contract doesn’t end until sometime in 2011 or 2012. Can I buy the new iPhone 4 at full price and activate that phone using my existing service plan?
Siegel: Yes.
If I do this, will I be able to continue to use my unlimited data plan? Or will I have to switch to the $15 or $25 a month plans?
Siegel: You can keep the $30 unlimited plan if you want to.
How much will the 16GB and 32GB models of the new iPhone 4 cost without a subsidy and contract? Is that option available?
Siegel: Yes, the phones are available without a contract and without a subsidy. The 16GB iPhone will cost $599 and the 32GB iPhone is $699.
If I buy my iPhone without a subsidy and without a contract, can I still keep my unlimited data plan, if I already have one from my previous iPhone?
Siegel: Yes.
So exactly who must get one of the new data plans?
Siegel: The people who must sign up for the new data plans are new customers and current AT&T non-smartphone customers who want to upgrade to the iPhone 4 or any other smartphone.
Will AT&T continue to sell the iPhone 3GS? Will the price change?
Siegel: Yes, and we announce a new iPhone 3G S priced at just $99.
Can I get the new iPhone 4 as part of an AT&T Family plan?
Siegel: Yes.
Is the iPhone 4 offered using a prepaid plan? Can I get the older iPhone 3GS with a prepaid plan?
Siegel: There are no prepaid plans for iPhones from AT&T. But you can get the device on a month-to-month basis if you are willing to pay the full retail price.
Can I activate the new iPhone 4 at home?
Siegel: Yes. In fact, we encourage people who pre-order to have the device sent to their homes, where they can activate it at their convenience.
For more information contact 678PC at 678-404-1001
Posted in 
AT&T Web site exposes data of 114,000 iPad users
A group of hackers exploited a hole in an AT&T Web site to get e-mail addresses of about 114,000 iPad users, including what appears to be top officials in government, finance, media, technology, and military.
The leak could have affected all iPad 3G subscribers in the U.S., according to Gawker, which broke the story on Wednesday. Among the iPad users who appeared to have been affected were White House Chief of Staff Rahm Emanuel, journalist Diane Sawyer, New York Mayor Michael Bloomberg, movie producer Harvey Weinstein, and New York Times CEO Janet Robinson.
A group that calls itself Goatse Security tricked the AT&T site into disclosing the e-mail addresses by sending HTTP (hyper text transport protocol) requests that included SIM card serial numbers for iPads, the report said. Because the serial numbers, called ICC-IDs (integrated circuit card identifiers), are generated sequentially, the researchers were able to guess thousands of them and then ran a program to extract the data by going down the list.
The hole in the AT&T Web site exposed e-mail addresses that correlated with serial numbers in iPads.
(Credit: Gawker)
AT&T spokesman Mark Siegel confirmed the breach to CNET, saying the company turned off the feature that provided e-mail addresses on Tuesday, one day after learning of the problem from someone not affiliated with the hacker group.
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device,” he said in a statement.
“We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained,” he added. “At this point, there is no evidence that any other customer information was shared.”
Representatives from Goatse Security did not respond to an e-mail or phone call seeking comment, but Goatse analyst Jim Jeffers gave an interview to CBS News. The group, whose name references an Internet shock Web site, looks for security holes in software, including browsers.
Jeffers said the attack could have allowed someone to take control of the iPad and that potentially every 3G iPad subscriber was affected. Although AT&T maintains that only e-mail addresses were compromised, Jeffers said “it will allow someone who does the proper research to possibly target iPad 3G users and take over their iPads, and they could sniff traffic, they could act as the user of the iPad.”
Jeffers also said the group had contacted AT&T and waited until the company fixed the hole before going public with it.
Representatives from Apple did not respond to a request for comment.
A Web site issue
The problem is solely related to security on AT&T’s Web site and not Apple’s tablet, security experts stressed. Meanwhile, the type of weakness discovered in the AT&T site is fairly common, they said.
“It is an authentication error to not require user authentication before returning private data,” said Chris Wysopal, chief technology officer at Veracode. “This is the type of vulnerability that would be found with a very basic Web application assessment. Apple should require its service providers to show proof of an assessment of its Web apps if sensitive Apple customer is stored there.”
Neither e-mail addresses nor SIM serial numbers are considered to be sensitive information, experts said.
“Doesn’t seem like a huge deal to me,” said Charlie Miller of Independent Security Evaluators. “It’s not like peoples’ Social Security or credit card numbers were compromised.”
But try telling that to Rahm Emanuel or any of the officials in the Defense Department, federal court system, or Goldman Sachs whose e-mail addresses could be targeted for phishing and other attacks.
“Now everyone in the world knows these people have iPads, and here’s their serial number and here’s their e-mail address,” said Bill Pennington, chief strategy officer at White Hat Security. “This puts them in a more vulnerable state.”
There is also the possibility that a SIM serial number could be used to get other customer information through this or other vulnerabilities on the AT&T site, he said. And there’s a chance that not only iPad users were put at risk. “I believe this number could identify any 3G device on the AT&T network,” not just iPads, Pennington said.
“Obviously, AT&T is using the ICC-ID as some sort of authentication mechanism,” said Kevin Mahaffey, chief technology officer at mobile security firm Lookout.
“The question is: in the back-end are there other systems that are using the number as an identifier for other things?” he said. “There is a trend to use identifiers associated with devices as a way to trigger billing or interact with the account. There is some trust associated with these numbers.”
Another security expert said the breach revealed enough information that a determined attacker could use to target the specific device.
“At least in the United States, some major GSM providers are known to use ICCID values that contain the lower nine digits of the International Mobile Subscriber Identity (IMSI), which is considered to be a protected value. The other digits that make up an IMSI are either known or can be easily guessed by an attacker,” said Don Bailey, a security consultant at iSEC Partners.
“Knowing a subscriber’s IMSI allows a potential attacker to target that specific subscriber’s GSM handsets or devices using an IMSI catcher, which itself is a device that can intercept or manipulate GSM traffic,” Bailey said. “An attacker with access to an IMSI catcher can intercept the traffic of high-profile targets potentially leading to a loss of privacy. With the lowering cost of IMSI catching equipment, the ability for an attacker to correlate ICCIDs with high-profile individuals, then derive the IMSI from each ICCID, is a substantial threat to both corporate and personal privacy.”
According to Gawker, Goatse Security shared the exploit it wrote for the AT&T site with others. But Pennington said it seemed like the hackers were more interested in shaming AT&T over lax security than making money off the situation.
“I don’t think the data would have a lot of value in the underground,” Pennington said. “I think their primary motivation is shame and guilt.”
For more information about protecting your information and personal security please contact 678PC at 678-404-1001
