Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop

This is a discussion on Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop within the Apple Rumors forums, part of the Apple News category; Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file ...

+ Reply to Thread
Results 1 to 3 of 3
  1. #1
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    13,880
    Member #
    1529
    Liked
    89 times

    Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop



    Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file found on an FBI laptop back in March.

    During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.


    The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.

    The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone") and Device Type (e.g. "iPhone"). MacRumors has been able to confirm that the UDIDs appear to be legitimate.

    The source of the data is not entirely clear, though the type of data is typical for the kind of information an iOS app developer would collect to deliver push notifications to users. It seems an App developer or developers are the original likely source of the information, though no specific information is yet available. Right now there's no easy way to determine if your device's UDID was included in the list, beyond downloading the list yourself.

    The actual implications of the leak, even if your UDID is found, aren't entirely clear. The UDIDs themselves are rather harmless in isolation. Apple has previously come under fire for the use of these globally identifying ids. The privacy risks, however, typically come from these ids being used across ad networks and apps to piece together a more complete picture of activity and interests of the user. But it was reported back in 2011 that by leveraging existing networks, information and even login access can be obtained from UDIDs. It's not yet clear if the released push tokens can be used in any manner.



    9-4-12


    www.macrumors.com


  2. Ads

    Posts
    Many

  3. #2
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    13,880
    Member #
    1529
    Liked
    89 times

    Apple issues statement saying it didn't give UDIDs to FBI



    After a hacking group claimed it had obtained millions of unique identifiers for Apple devices from an FBI laptop, Apple itself has issued a statement saying it did not provide any UDIDs to the FBI.

    "The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," spokesperson Natalie Kerris said to All Things D. "Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of UDID and will soon be banning the use of UDID."

    The statement came after the hacking group AntiSec posted the unique device identifiers of 1 million million iPhones and iPads this week. AntiSec claimed the unique 40-character UDIDs were stolen from an FBI laptop, and that it had a total of nearly 12.4 million UDIDs

    But the FBI issued its own statement refuting those claims, stating AntiSec's allegations were false. The bureau also distanced itself from the gathering of private information such as UDIDs, saying there is no evidence tying the agency to the purported UDID leak.

    "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the statement read. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."



    9-5-12


    Source


  4. #3
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    13,880
    Member #
    1529
    Liked
    89 times

    True Source Of The Hacked AntiSec UDIDs Was Actually An App Publisher


    After a lot of confusion and denials from the FBI and Apple, the real source of the 1 million hacked UDIDs that Anonymous leaked last week has finally been found, and aswas theorized last week, it was just an app publisher.

    Blue Toad, an app publishing company in Florida, revealed to NBC News that they’re 100 percent confident that Anonymous hacked their databases and stole the UDIDs from them.

    Technicians at Blue Toad downloaded all the data released by Anonymous and compared it to their own database. At the end of their analysis they found a 98 percent correlation between the data.


    In an interview with NBC News, Paul DeHart, CEO of Blue Toad, said the following -


    “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this. I had no idea the impact this would ultimately cause. We’re pretty apologetic to the people who relied on us to keep this information secure.”.

    The data was stolen about two weeks before the leak, but having your UDID leaked by itself isn’t all that worrisome. Apple spokesman Trudy Mullter commented on the situation to reassure iOS users that the UDID leak contained a minimal amount of personal information.

    “As an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type. Developers do not have access to users’ account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer.”

    Now that we finally know who leaked the UDIDs how do you feel about the vulnerability of developers having personal information that could be leaked to the general public? Does Apple need to do more to protect user data?



    9-10-12


    Source


Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Similar Threads

  1. Synching to new laptop
    By aly2011AMA in forum iPod Touch
    Replies: 0
    Last Post: 08-14-2012, 03:12 PM
  2. Replies: 0
    Last Post: 06-08-2012, 05:38 PM
  3. Replies: 0
    Last Post: 05-25-2012, 08:28 PM
  4. Replies: 0
    Last Post: 05-22-2012, 05:00 PM
  5. Replies: 0
    Last Post: 02-10-2012, 12:20 PM

» Ads

Powered by vBadvanced CMPS v4.1.1

Contact Us
Back to top