Sponsored By

Millions Of iPhone, iPad IDs Stolen

Hacker group AntiSec released a file of a million and one UDIDs, which are unique IDs for iPhone, iPad, and iPod Touch devices. It claims to have hacked it off an FBI computer via a Java vulnerability.

Larry Seltzer

September 4, 2012

2 Min Read

The hacker group AntiSec released a file of a million and one UDIDs--unique device identifiers--which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. Apple and the developers of any apps you install gain access to this string.

UPDATE: The FBI has denied the substance of AntiSec's claims. Click here for more information.

The group's Pastebin posting claims that the stolen list was taken from the notebook computer of FBI Supervisor special agent Christopher K. Stangl's computer in March 2012 using a Java AtomicReferenceArray vulnerability. The purloined file was named "NCFTA_iOS_devices_intel.csv" and contained UDIDs for 12,367,232 iOS devices, although not all of them with full personal information. AntiSec chose to disclose only the smaller number of UDIDs.

The "NCFTA" part of the file name might stand for the National Cyber-Forensics & Training Alliance, which defines itself as an alliance of SMEs (subject matter experts) in industry, academia, and government with broad goals for addressing computer security threats. The relevance of "Intel" in the file name is tough to figure; no iOS devices run on Intel processors, so perhaps it's just short for "intelligence."

The file allegedly included other personal information, such as "...full names, cell numbers, addresses, zipcodes, etc" but the group stripped those out of the list.

The potential for privacy problems via UDID disclosure is an old issue. Normally, app distributors get the UDID of a device when that device installs an app, and Apple already has begun to restrict access to them in favor of less-problematic methods.

Although many reports indicate that the disclosed UDIDs are valid, there has been no official recognition by the government that they were the source of the data, nor has there been any explanation of why the FBI would have such a file.

For instructions on determining the UDID of your own iPhone, iPad, or iPod Touch, see WhatsMyUDID.com.

Click here for a tool that checks to see if your UDID is in the list.

Hat tip to Richi Jennings of Computerworld.

About the Author(s)

Larry Seltzer

Contributor

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+:

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights