Wednesday, September 05, 2012

Apple, FBI Deny Claims That Hackers Stole Apple UDID's

The web was a buzz yesterday as hacking group AntiSec claimed to have stolen more than 12 million UDIDs (Unique Device IDs) for Apple iPhones, iPads and iPod Touch devices while hacking an FBI agent's laptop. These claims have since been denied by both the FBI and Apple with both stating that the FBI never had the information and that Apple had never released it.

AntiSec, a group of hacktivists, released a file of over one million Apple UDIDs on Tuesday. Claiming that this is only a small part of a total haul of over 12 million records of both UDIDs and personal information taken from an FBI agent's laptop. The group announced the release on its @anonymousirc Twitter account.

Details of the information dump were placed on Pastebin where AntiSec says a number of the records in the original data contained zip codes, full names, addresses and cell numbers, while others contained none. However, they decided to trim the information down to the Apple Device's unique device identifier (UDID), APNS (Apple Push Notification Service) tokens for accessing the notification service, the device's name (e.g. "John Doe's iPhone") and device type (e.g. "iPad").

The group had released a million UDIDs, push notification tokens, device names and types as evidence that they had the information.

This prompted responses by both the FBI and Apple, who are claiming that Apple never released the data and that the FBI was never in possession of such information. The FBI  tweeted: "We never had info in question" and said that the story was "TOTALLY FALSE". In a further statement, the agency said:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
In a statement rleased this morning, Apple said it did not furnish a list of Unique Device Identifiers (UDIDs) to the FBI or anyone else, and that the feature was soon to be removed.

"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," Apple said in a statement provided to AllThingsD. "Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID."

The, now more active, @AnonymousIRC twitter account used by AntiSec responded to the FBI's statement: "So because you don't know of any data breach it never happened?"

At this time it still remains unclear how the FBI would have obtained the UDID's, what they were being used for or even if they ever had them at all. AntiSec suspects that the FBI uses the list of devices for monitoring and tracking users. But it is still uncertain how the FBI came into possession of this UDID list to begin with.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you