IPad's Security Breach - Research Paper Example

 iPad’s Security Breach Introduction Recently controversy hit Apple’s iPad or more specifically the iPad’s cellular network, AT&T as a security research company, Goatse Security pointed out a flaw in the security system. Goatse Security, reported to Gawker that using a script available at AT&T’s website, they were able to hack into the iPad and retrieve email addresses of possibly 11,4000 people including top celebrities, politicians, media personalities and also military personal. AT&T was informed on the breach and corrected the issue within a few days. However Apple remained silent on the issue since the breach occurred on the side of AT&T, which was already being criticized for its services by the public. Real World Example Hacking into an organization can never be justified on any ground. Certain security research firms claim that hacking allows them to find fault in the security systems and point them out to the organization. But even under such cases organizations suffer major setbacks due to hacking attempts. Even if hacking is to be attempted, it must remain confidential and public fear should not be escalated on such occasions. An example of hacking victim is Lockheed Martin. Lockheed Martin is a global security and technology company. Lockheed Martin is ‘Pentagon's No. 1 arms supplier and the U.S. government's top information technology provider’ (Reuter, 2011). Hacking into the system of Lockheed Martin translates as threatening the security of the US Nation. Hackers stole certain data from the company and used it to gain access to the employee remote networks by using the hacked "SecurID" electronic keys. These keys were considerably safe before the hacking attempt since they prevented hackers from gaining access through key-logging viruses. According to Lockheed Martin, they instantly found out that there system had been breached and took counter measures that meant changing the SecurID electronic keys of millions of employees. Corporate Ethics Statement The Computer Security Firm understands that integrity in every corporate aspect is achieved through hard work and honest introspection of the client’s security system. We are dedicated in our task to create a hacking free world through ethical practices that demand responsibility to our customers, customers’ client, the public and any entity that we subsequently deal with. Gawker Social Responsibility The security breach that occurred in Apple iPad’s was first disclosed by Gawker Media, an online media and blog network company. Goatse Security released the itineraries of the security breach to Gawker Media who subsequently made the information public through their blog. Following this episode, Gawker Media was both praised and condemned by the public. Praised because of their informing the public against possible security issues in the iPad and condemned on account of their handling of the issue. Even though Gawker had a responsibility towards the public in making them aware of the hard facts, they also had a responsibility towards the victimized company, AT&T and Apple. Gawker revealed the news before informing these companies and giving them time to recuperate from the breach. Ideally, Gawker should have contacted AT&T of the issue and giving them chance to take care of the security issues before going public. In this way, AT&T would have been able to save face against a hacking attempt that was unethical and wrong to begin with. CEO Response to Security Breach Security Breaches have become increasingly common in the digital age and it would be pointless to pretend that organizations could remain safe from it. Security Breaches greatly impact the organization by increasing doubts in the public on the abilities of the organization and thus public need to be addressed in such cases. Responding to a security breach in a timely and efficient manner is responsibility to the CEO. In most cases, CEO is often ill-equipped to handle such crisis and often respond by shifting the blame or by taking no stand at all. As directed by the Australian government, the ideal CEO response consists of four steps. The first step is to assess the situation and minimize the impact of the security breach. Assessing the situation requires the creation of a crisis management team that will further guide the CEO in ways to minimize the impact. The second step is to evaluate the risk of the breach on the company and its public relations. Again the crisis management team will brief the CEO on the evaluation. Once done, the CEO will move towards the next step that is addressing the public. A public relation campaign needs to be developed that deals with the company’s reaction towards the breach and its future policy towards security breaches of such kind. This is often the most difficult part of the response since the public is being bombarded with a variety of perspectives and becomes difficult to convince. In such cases, the CEO should be well informed towards the issue and emphatic towards the victims. The attitude of the CEO should be positive rather than negative where he tries to shift the blame on others. The last step of the response is to develop a plan that deals with the prevention of security breaches in the future. In the internet age, this may be hard to attain as hackers are continuously updating their information and developing alternate methods. The CEO in this case, will also have to develop a continuous plan where he hires or creates a team for the specific purpose of preventing hacking attempts in the future (Office of the Privacy Commission, 2008). Email Script Subject: Apologies for Security Breach at AT&T Dear Customer, Recently, Gawker Media released a news blog regarding the security breach at AT&T for its iPad users. After analyzing the situation, we discovered that the breach is limited to the disclosure of email addresses including yours and does not involve the leakage of any other pertinent information. This happened on account of a script that was available on our website which the hackers used to gain access to the email addresses. The script has been removed from the website as soon as the issue was raised and the breach has been contained. The hackers were only able to view email addresses and did not gain access to any private information or email. However as an added precaution, we would suggest that you do the following: Be aware of any phishing attack. In such a case, you would ask to reveal personal information such as passwords to people pretending as our authorized personal. If you are contacted by any third party, you are advised to report them at this number: 0020192020; Review your accounts periodically against hacking attempts or any suspicious activities; Ensure that the passwords for your email addresses are strong. You can do this by going to you account setting and checking password strength. We advised that you change your passwords if they are weak or even moderately weak. Again I would like to clarify that the breach is limited to the disclosure of any email addresses and therefore you need not worry about personal information in your accounts. The situation has been handled excellently and we have developed a stronger security system as a result and hope to serve you better in the future. A special team has been developed for the express purpose of finding security lapses in the system as a future strategy against such security breaches. I deeply apologize for the inconveniences you may have faced as a result. AT&T is one of the biggest and largest service providers and we have created a strong image for the company through valued customers such as you. It is for the trust that you put in us that we dealt and solved the issue in a timely manner. We hope that on account of our dedication to you, you will give us a chance to redeem your trust and even exceed your expectations in our company. I understand that you would be concerned for the safety and privacy of your information and this may raise questions for you. For this, you can contact my team at 0909008 at your convenience. Sincerely, CEO AT&T References Office of the Privacy Commissioner (2008) Guide to handling personal information security breaches, Australian government. Retrieved from http://www.healthprivacy.com.au/doc/Guide_to_breach_notification_OPC.pdf Reuters, (2011). RSA Offers to Replace SecurIDs After Lockheed Hackin. Fox Business. Retrieved from http://www.foxbusiness.com/industries/2011/06/07/rsa-offers-to-replace-securids-after-lockheed-hacking/ Tate, R. (2010) Apple’s Worst Security Breach: 114,000 iPad Owners Exposed. Retrieved from http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed Read More