GLOBAL - A black-hat hackers' group named Goatse Security has exposed a leak which allowed it to penetrate more than 114 000 Apple iPad 3G tablets, retrieving email addresses from SIM cards.
Even though the flaw may sound like a minor security threat, the picture changes when the names and email addresses involved belong to secretive military personnel, as well as CEOs of major companies in the US, such as Time Warner and News Corp, up to thirteen military officers, and others.
Goatse Security explored a script on AT&T's website (AT&T is the network carrier of the iPad in the US): the group provided an ICC-ID (integrated circuit card ID) as part of an HTTP request, and the script returned the associated email address. The ICC-IDs were discovered by simply looking at existing ones and then guessing new ones.
As it is quite time-consuming to type in 114 000 ICC-IDs, the hackers created a PHP script which simply automated the server requests, using an iPad user agent.
ICC-IDs are used on every SIM card, especially on mobile phones, although the data pertaining to each is different. AT&T is surely at fault here for leaving hackers a simple way to extract the email addresses of iPad 3G owners.
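A defender's view of the pattern described above, as an added example that is not part of the original article: a legitimate iPad only ever asks about its own ICC-ID, so a single client requesting many distinct, numerically close ICC-IDs stands out in the access log even when every request carries an iPad user agent. The log lines, the `/lookup` path and the `iccid` parameter name are constructed assumptions, not AT&T's real endpoint.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Hypothetical endpoint and parameter name, chosen for illustration only.
PARAM = "iccid"
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<url>\S+) ')
ICCID_RE = re.compile(r"\d{19,20}")

def _line(ip, iccid):
    # Constructed combined-log-format line; timestamp and sizes are dummies.
    return (f'{ip} - - [01/Jan/2000:00:00:00 +0000] '
            f'"GET /lookup?{PARAM}={iccid} HTTP/1.1" 200 64 "-" "Mozilla/5.0 (iPad)"')

# Constructed sample: one client walks 40 nearby IDs, two clients repeat their own.
SAMPLE_LOG = (
    [_line("198.51.100.7", 89000000000000000000 + 10 * i) for i in range(40)]
    + [_line("203.0.113.5", 89000000000000123456)] * 4
    + [_line("203.0.113.9", 89000000000000654321)] * 2
)

def find_enumerators(lines, max_ids_per_client=3, close_gap=100):
    """Return clients that looked up more distinct ICC-IDs than a device would.

    The user agent is ignored on purpose: it is client-controlled and says
    nothing about whether the caller owns the ICC-ID it asks about.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["url"]).query)
        for iccid in query.get(PARAM, []):
            if ICCID_RE.fullmatch(iccid):
                seen[m["ip"]].add(iccid)

    report = {}
    for ip, ids in seen.items():
        if len(ids) <= max_ids_per_client:
            continue
        ordered = sorted(int(i) for i in ids)
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        near = sum(1 for g in gaps if g <= close_gap)
        report[ip] = {
            "distinct_ids": len(ids),
            # Share of neighbouring IDs that are numerically close (guessing pattern).
            "near_sequential": near / len(gaps) if gaps else 0.0,
        }
    return report
```

Detection of this kind only limits the damage; the underlying fix is for the server to return an email address only to a session already authenticated as the owner of that ICC-ID.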
The group of hackers had contacted AT&T on Tuesday, which subsequently fixed the fault. The network operator has come forward, confirming the issue and apologizing.
This small incident may fuel hackers' hopes for more flaws, which could result in worse exploitations, such as interception of calls and messages.





