Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop

 

Last updated

Hackers from AntiSec on Tuesday claim to have leaked 1,000,001 iPhone and iPad identifiers the group allegedly obtained from a hacked FBI laptop holding over 12 million such Apple device IDs and corresponding personal information.

According to AntiSec, the unique device identifiers (UDID) of 12,367,232 Apple iPhones and iPads were discovered and lifted during the breach of an FBI agent's notebook, reports The Next Web. UDIDs are unique 40-character codes assigned to iDevices with cellular connectivity, their primary use being app registration and tracking by developers.

From AntiSec's post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

If the alleged attack and subsequent UDID leak is legitimate, it is unclear how or why the FBI secured the Apple UDIDs.

AntiSec noted the UDIDs had varying amounts of personal data, with some having just basic personal information while others were more comprehensive and included full names and addresses. When the group published the UDID sample set, it stripped out identifying data but left Apple Device ID, Apple Push Notification Service DevToken, Device Name and Device Type data intact for users to "look if their devices are listed there or not."

It should be noted that some of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, however private data like phone numbers and addresses are usually blocked.

Apple recently began taking steps to block UDID app access amid increased scrutiny of privacy practices from both consumers and the government. In August 2011, the company warned developers that it would be ending UDID access with iOS 5, effectively ending an easy solution to OS-wide user tracking.

42 Comments

iqatedo 22 Years · 1821 comments

Quote:
Originally Posted by AppleInsider 

Hackers from AntiSec...
It should be noted that most of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, among other uses...

 

Most of the information, or all of the information?

dreyfus2 18 Years · 1069 comments

Well, let's assume there is a valid reason for the FBI to keep such a ridiculous amount of private and confidential data on a cheap-ass laptop (can't think of one, but what do I know), this is still rather worrisome. I would expect some 
Supervisor Special Agent
 working for 
FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team
(of all people), to know that such data does not belong on a mobile device, and that running something as unsafe as Java on the same device is approaching grossly negligent territory. These incompetent creatures might be more dangerous than what they are fighting.

 

Quote:
It should be noted that most of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, among other uses.

 

Well, that is a bit misleading / euphemistic. Developers would get some of that for/from their own app, but certainly not for all of them on any phone; and certainly not any ZIP codes, phone numbers or addresses without user consent. Even if this just lands in the hands of online marketing spammers, this is 12 million of the most sought-after contact details. Real addresses, belonging to real people with considerable income. No need to downplay that.

tylerk36 16 Years · 1035 comments

Your homeland security hard at work.  Lets see.  If they have such information then maybe they have a list of all the rolls of toilet paper  and their serial numbers ever sold to Osama Bin Laden.  Also I have built a bridge to London out of sharp cheddar cheese and green beans.  Yes green beans!

macky the macky 16 Years · 4801 comments

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!

moustache 16 Years · 95 comments

13million odd people can now sue the FBI.