Millions Of iPhone, iPad IDs Stolen - InformationWeek
Infrastructure // PC & Servers
01:04 PM
Connect Directly

Millions Of iPhone, iPad IDs Stolen

Hacker group AntiSec released a file of a million and one UDIDs, which are unique IDs for iPhone, iPad, and iPod Touch devices. It claims to have hacked it off an FBI computer via a Java vulnerability.

The hacker group AntiSec released a file of a million and one UDIDs--unique device identifiers--which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. Apple and the developers of any apps you install gain access to this string.

UPDATE: The FBI has denied the substance of AntiSec's claims. Click here for more information.

The group's Pastebin posting claims that the stolen list was taken from the notebook computer of FBI Supervisor special agent Christopher K. Stangl's computer in March 2012 using a Java AtomicReferenceArray vulnerability. The purloined file was named "NCFTA_iOS_devices_intel.csv" and contained UDIDs for 12,367,232 iOS devices, although not all of them with full personal information. AntiSec chose to disclose only the smaller number of UDIDs.

The "NCFTA" part of the file name might stand for the National Cyber-Forensics & Training Alliance, which defines itself as an alliance of SMEs (subject matter experts) in industry, academia, and government with broad goals for addressing computer security threats. The relevance of "Intel" in the file name is tough to figure; no iOS devices run on Intel processors, so perhaps it's just short for "intelligence."

The file allegedly included other personal information, such as "...full names, cell numbers, addresses, zipcodes, etc" but the group stripped those out of the list.

The potential for privacy problems via UDID disclosure is an old issue. Normally, app distributors get the UDID of a device when that device installs an app, and Apple already has begun to restrict access to them in favor of less-problematic methods.

Although many reports indicate that the disclosed UDIDs are valid, there has been no official recognition by the government that they were the source of the data, nor has there been any explanation of why the FBI would have such a file.

For instructions on determining the UDID of your own iPhone, iPad, or iPod Touch, see

Click here for a tool that checks to see if your UDID is in the list.

Hat tip to Richi Jennings of Computerworld.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll