Millions Of iPhone, iPad IDs Stolen - InformationWeek
IoT
IoT
Infrastructure // PC & Servers
News
9/4/2012
01:04 PM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%
RELATED EVENTS
Using Threat Data to Improve Your Cyber Defense
Aug 10, 2017
Attend this webinar to learn how you can determine which threats pose the greatest danger to your ...Read More>>

Millions Of iPhone, iPad IDs Stolen

Hacker group AntiSec released a file of a million and one UDIDs, which are unique IDs for iPhone, iPad, and iPod Touch devices. It claims to have hacked it off an FBI computer via a Java vulnerability.

The hacker group AntiSec released a file of a million and one UDIDs--unique device identifiers--which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. Apple and the developers of any apps you install gain access to this string.

UPDATE: The FBI has denied the substance of AntiSec's claims. Click here for more information.

The group's Pastebin posting claims that the stolen list was taken from the notebook computer of FBI Supervisor special agent Christopher K. Stangl's computer in March 2012 using a Java AtomicReferenceArray vulnerability. The purloined file was named "NCFTA_iOS_devices_intel.csv" and contained UDIDs for 12,367,232 iOS devices, although not all of them with full personal information. AntiSec chose to disclose only the smaller number of UDIDs.

The "NCFTA" part of the file name might stand for the National Cyber-Forensics & Training Alliance, which defines itself as an alliance of SMEs (subject matter experts) in industry, academia, and government with broad goals for addressing computer security threats. The relevance of "Intel" in the file name is tough to figure; no iOS devices run on Intel processors, so perhaps it's just short for "intelligence."

The file allegedly included other personal information, such as "...full names, cell numbers, addresses, zipcodes, etc" but the group stripped those out of the list.

The potential for privacy problems via UDID disclosure is an old issue. Normally, app distributors get the UDID of a device when that device installs an app, and Apple already has begun to restrict access to them in favor of less-problematic methods.

Although many reports indicate that the disclosed UDIDs are valid, there has been no official recognition by the government that they were the source of the data, nor has there been any explanation of why the FBI would have such a file.

For instructions on determining the UDID of your own iPhone, iPad, or iPod Touch, see WhatsMyUDID.com.

Click here for a tool that checks to see if your UDID is in the list.

Hat tip to Richi Jennings of Computerworld.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll