The AntiSec hacker group claims it has in its possession more than 12 million Apple iOS Unique Device IDs, as well as other personal info from device owners. To prove it, it has released 1,000,001 UDIDs to the public.
The release, posted on Pastebin, also contains a detailed description of how the hackers allegedly obtained the IDs from the FBI.
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc,” claims Antisec.
The Anonymous hacker group announced the release of the UDIDs to the public in a tweet, claiming the source of the leak is FBI, which had “identified and tracked 12 million iOS devices.”
Apple Unique Device Identifiers (UDID) are sequences of 40 letters and numbers specific to an Apple device. By themselves, they’re not very revealing, and some of the other info obtained by the hackers can also be obtained by most iOS app developers.
However, Apple has recently started rejecting apps that access UDIDs due to privacy concerns. This study from 2010 claims the UDID creates a “tempting opportunity for use as a tracking agent or to correlate with other personally-identifiable information in unintended ways.”
Though they haven’t released them, hackers also claim the real names, addresses and cellphones in some cases accompany the UDIDs on the list, making this leak an even bigger privacy concern. source mashable
(Reuters) – The FBI said on Tuesday there was “no evidence” to support claims that hacking group Anonymous infiltrated an FBI agent’s laptop and lifted a file with identification numbers for more than 12 million Apple Inc products.