Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > AT&T reports security breach through smartphone unlocking service

AT&T reports security breach through smartphone unlocking service
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Jun 13, 2014, 09:22 PM
In a filing with California regulators this week, AT&T has revealed that it suffered a security breach in mid-April of this year that allowed employees of a smartphone unlocking service to access personal customer records. The carrier has sent out letters to affected customers. The letter says AT&T believes its service provider copied customer records "as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market."

According to the report, the copying took place between April 9–21, and that the employees of the service provider may have copied customer data, call records and Social Security numbers of customers. AT&T itself will unlock smartphones once they are completely finished with the original contract, and other carriers often have even more liberal unlocking policies. However, impatient customers or frequent travellers often resort to using third-party unlocking services which sometimes rely on borrowing a different customer's records in order to fool the carrier into providing the unlock code needed to disable the carrier-based locks on the device.

AT&T wouldn't say how many customers had been affected by the breach, but the number is thought to be large. The California law that forced the revelation of the stolen data requires such disclosures only if the breach affected more than 500 customers in the state, reports IDG.

The US House of Representatives last year passed a bill that reversed a Library of Congress decision that made unlocking smartphones without the carrier's permission (essentially giving them the sole discretion to unlock formerly-under-contract phones), but amended the original proposal to only allow unlocking by individuals who can be proven to own the phones in question, not "bulk" resellers (in an attempt to combat cellphone theft).

As the advocacy group the Electronic Frontier Foundation (EFF) explains, blocking the bulk unlockers (who acquire phones, unlock them and resell them), "sends two dangerous signals: (1) that Congress is OK with using copyright as an excuse to inhibit certain business models, even if the business isn't actually infringing anyone's copyright; and (2) that Congress still doesn't understand the collateral damage Section 1201 [of the DMCA] is causing. For example, bulk unlocking not only benefits consumers, it's good for the environment-unlocking allows re-use, and that means less electronic waste." That bill is currently stalled in the Senate.

The EFF and other unlocking proponents have since endorsed a different House bill, the Unlocking Technology Act, as it limits violation of section 1201 to "actual cases of copyright infringement," such as unauthorized persons attempting to unlock a smartphone. In the meantime, the FCC intervened in a limited way and pressured US carriers - including AT&T, which had previously had a no-unlocking policy - to honor unlock requests from customers who have paid off their contracts. However, the carriers are allowed up to a year to comply with the request. In most other countries, carriers are required to allow a smartphone to be unlocked if the customer is in good standing with the carrier following the first 90 days of the contract.
( Last edited by NewsPoster; Jun 14, 2014 at 01:53 AM. )
Junior Member
Join Date: Feb 2005
Location: Here.
Status: Offline
Reply With Quote
Jun 14, 2014, 04:53 AM
Secure customer data is a thing of the past, it seems.
Fact is better than fiction.
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Privacy Policy
All times are GMT -4. The time now is 09:23 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2