iPad e-mail leak: FBI rolls in

The security researchers who uncovered part of AT&T’s list of iPad users have inadvertently brought out the big guns. No, not Steve Jobs and his Apple cohorts, but the Federal Bureau of Investigation.

Spokeswoman Lindsay Godwin told the AFP news agency that “The FBI is aware of these possible computer intrusions and has opened an investigation to address this potential cyberthreat.”

Clearly nobody would argue that law enforcers shouldn’t investigate what certainly appears to be a case of data theft, but it’s something of a surprise to see the big boys getting involved in what, despite the high-profile nature of the case, is hardly a piece of hacking with serious security consequences.

What’s actually been taken from AT&T (the security breach has nothing to do with the iPad device itself) is a list of around 114,000 iPad user’s e-mail addresses and the serial number on the corresponding SIM card.

What could have been done with this information in the wrong hands? Well, for a start it’s probably worth a fair price in the spam market: one thing you know about the people on this list is that they’ve likely got a bit of cash to splash, which always catches the interest of spammers.

Other than that, you have to stretch a bit. About the worst that anyone’s managed to conceive so far is that malware spreaders could send bogus e-mails with malicious attachments which appear to have come from AT&T or Apple and refer to the iPad, safe in the knowledge that the recipients are more likely to believe they are genuine.

The real fallout of the affair might be that we come one step closer to answering the long-running question of whether Apple products are inherently more secure or simply offer a less attractive audience to hackers. Esche Aurenheimer of Goatse (Google that at your peril…) Security, which uncovered the list, told CNET: “I think that Apple users now have an unrealistic expectation of protection that is going to be quickly shattered as they become a more sizable minority.”