
Tuesday, September 18, 2012

12 million iOS unique device identifiers (UDID) reportedly hacked from FBI laptop


By Rene Ritchie, Tuesday, Sep 4, 2012 at 8:12 am

Over 12 million unique device identifiers (UDID), and related, personally-identifiable information, for iPhones, iPod touches, and iPads have reportedly been hacked from an FBI laptop using a Java vulnerability. AntiSec has released 1 million of the UDIDs as proof of the hack, along with a statement that includes the following:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

UDIDs are used by developers to register devices with Apple's iTunes Connect so they can run beta versions of iOS and test ad-hoc versions of their apps prior to release. While some developers also used to use them to identify users and their devices, Apple has now disallowed that practice.

No accounts or passwords appear to have been compromised, so for users this is more of a privacy issue than a security issue. Any single piece of identifying information, be it a UDID number or a cell phone number, when combined with a sufficiently large pool of data and the right kind of analytics, can be used to create profiles and assess patterns.

AntiSec says they released the information to draw attention to what they claim is the FBI's collection of it.

You can read more of AntiSec's statement, and find the list of disclosed UDIDs, via the link below.

Source: AntiSec

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate and ZEN and TECH podcasts. Cook, grappler, photon wrangler.

There are 34 comments.

mrod79 says: Sep 4, 2012 at 8:42 am

Why the hell does the FBI have the UDID's????????
Who else has them?

DARK_BLU says: Sep 4, 2012 at 4:04 pm

THE ENEMY has them. And now all your data are belong to us. LOL!!!!

Stewartj1 says: Sep 4, 2012 at 9:44 pm

My big concern is HOW did the "nonprofit organization" which gave them to the FBI get them?

In my view that's the single most important question.

iDevizes.com says: Sep 4, 2012 at 8:53 am

@mrod79 Indeed why should the FBI need these UDID's? What could you possibly do with those UDID's? Do I have to change my password?

www.iDevizes.com

sting7k says: Sep 4, 2012 at 9:03 am

What does this mean for me right now? Should I be changing passwords?

Rene Ritchie says: Sep 4, 2012 at 9:30 am

No, this is identifying information. For us, it's a privacy issue, not a security issue, at least right now.

Dev from tipb says: Sep 4, 2012 at 11:22 am

Think of the UDID as a super-cookie, one that your iPhone sends on every request and that you cannot change, mask, or expire. If somebody knows your UDID, they have no extra ability to get into your account, but they can look at a stream of data and tell which specific requests are coming from *you* individually (or, at least, from your iPhone).

philbert81 says: Sep 4, 2012 at 9:10 am

I am getting tired of these vigilante hackers. Something needs to be done to stop them.

RickNY says: Sep 4, 2012 at 10:03 am

Wouldn't you be more concerned about a) why the FBI has 12 million UDIDs to begin with and b) why they are not being secured properly if they do have them? Does that not even raise a red flag in your mind?

dalvik says: Sep 4, 2012 at 11:25 am

No it doesn't because he as an American citizen truly believes that government protects us and everything it does is for the better. So let them (the Gov) have our info and know our every step so we can sleep tight at night.

techiechicktt says: Sep 4, 2012 at 10:29 am

No, something needs to be done to stop the warrant-less collection of data on American citizens!!

dalvik says: Sep 4, 2012 at 11:03 am

That's right... Let the FBI, CIA and hell knows who else have your personal info and you wouldn't even know about that. After all these agencies are here to protect us aren't they? What you don't know won't hurt you

Stewartj1 says: Sep 4, 2012 at 9:57 pm

As much as I'm p.o.'d at them for posting all those UDID's, they did at least expose some very questionable FBI activities and in the process have raised a lot of questions.

1: Exactly who is this "nonprofit organization" from whom the FBI got this data?
2: HOW did this nonprofit get the info in the first place?
3: Who else have they given it to?
4: Exactly why does the FBI Have this data?
5: Why is such a high level FBI agent's laptop so easy to hack?
6: Who else's UUID's do they have?

Mrdevali says: Sep 4, 2012 at 9:18 am

What is changing your passwords going to do??

markbyrn says: Sep 4, 2012 at 9:32 am

To paraphrase another article on a related subject, many apps use UDIDs to anonymously identify unique users across apps and browsing sessions and associate them with location, user settings, and ads. UDIDs are also used when registering devices for iOS betas. The use of UDID also sparked controversy over fear that individuals could potentially be identified should enough anonymous data be amassed.

Apparently that's been the case here and I found that one of my devices (iPad 3 on Verizon) was leaked.

wdcspurs says: Sep 4, 2012 at 9:33 am

I'm not sure that their point of hacking was to use the iOS user info they got in a malicious way. It sounds like it is more or less a way to show the public what kind of info people have. Why the FBI has this stuff doesn't make much sense. Changing passwords won't do anything.

Rob White says: Sep 4, 2012 at 9:38 am

Let this be a succinct wake up call to iPhone users. Just like Android, iOS is vulnerable. Just because you may not have been aware until now doesn't disprove the evidence. I'm not making a Android vs iOS comparison about security. I'm simply pointing out that all computing platforms have inherent vulnerabilities.

The only thing you can do against these vigilante hackers is continuously determine how much information you are comfortable having stored on your phone & what developer/apps do with that data. I personally have a ridiculous amount of personal information out there in the wild thx to Google & Apple. Yes Apple data mines their users too. The same rules apply regardless of your chosen platform.

Your privacy & personal information is only as valuable as you make it.

dalvik says: Sep 4, 2012 at 11:33 am

Even if you have a cheap ass dumbphone that makes only phone calls the Gov still knows your whereabouts, all your info and tracks your every call and your every conversation, looking for specific words and phrases. Hell they can even pinpoint your exact location with just that dumbphone if they need to. That's just the way it is, you can do nothing about it as long as you live in this country. And I'm sure other countries out there have the same system of tracking their citizens.

Rob White says: Sep 4, 2012 at 11:46 am

You're right. I was merely attempting to point out that next time you read stories about privacy or hacking of Windows or Android, take a look at what you're holding. It's just as vulnerable.

I often tell people as an experiment to go into the phone's settings & disable GPS, background data, & notifications/email. Turn off WiFi & cell radios too. After doing this I tell them to dial 911. They are stunned when the call connects & the operator on the other end can approximate their location to around 150 ft give or take. And by federal law that connectivity cannot be disabled nor does it have to be disclosed.

That same system makes tracking your every move & phone call just as easy. The only way it doesn't work is if you pull the battery or it fully discharges. Otherwise you have no privacy on a mobile phone, smart or dumb alike.

dalvik says: Sep 4, 2012 at 12:06 pm

Absolutely correct. Besides, I'm not even concerned about them having my info. I cannot do anything at this point to protect myself from this type of surveillance (well except for getting rid of all my computers and handhelds for good and never ever use them again) And I'm OK with that. But news like that do raise high concerns as to why these sloppy agents casually carrying my personal information on their laptops (???) It's almost the same like losing your ss card. I definitely wouldn't want that. I'm just surprised there haven't been any lawsuits against these so called "government agencies"

jameslaz says: Sep 4, 2012 at 9:40 am

Rene,
Thanks for the information. As always you guys keep me informed on who is doing what and why I need to be concerned.

dloveprod says: Sep 4, 2012 at 9:47 am

Now these hackers are going too far.

dalvik says: Sep 4, 2012 at 11:41 am

You meant to say the US government right?

yukimba17 says: Sep 4, 2012 at 10:31 am

Why would they do that!???? I hate it!

davidbowser says: Sep 4, 2012 at 10:41 am

I think some folks may be missing the point by blaming "the hackers" in this particular case. I don't condone what they did (minimum of breaking into an FBI computer) or how they did it, and they most certainly broke the law, but they are not attacking you. The data they released publicly had the names and some other personal data trimmed out. Their stated purpose was to show everyone what data the FBI has on each and every one of us, regardless of motive.

I've worked in IT and Security for about 20 years, and the fact that the FBI has this data at their fingertips doesn't surprise me in the least. That the data is treated so casually by the FBI (an unencrypted csv dump on a laptop is the security equivalent of a password on a sticky note) scares me more than anything.

I'm not big on scare tactics, but to illustrate Rene's point on this being a privacy issue, I will share: About 15 years ago, I worked for a data analytics company that specialized in pharmaceutical data and targeted sales. Given gender, age, and general location info, our engine could predictively spit out what prescription drugs you used (and therefore what medical problems you had) and what doctor prescribed them, stack ranked by % correlation. The use case was for Pharma companies to target specific doctors for marketing new drugs based on prescription history, but also to target advertisements in certain areas where those doctors worked, so that their patients would ask about the new drug. That's pretty basic, and that was 15 years ago.

Dev from tipb says: Sep 4, 2012 at 11:14 am

It is somewhat of a tangent, but this New York Times article on behavior and data analytics is a good introduction for the non-statistician. [ http://nyti.ms/OLeptN ]. The headline is an eye-catching example; via seemingly unrelated shopping data, e.g. spikes in purchasing unscented products, Target could tell a teenager was pregnant before she told her father.

epots9 says: Sep 4, 2012 at 11:08 am

Well, I searched the file for my name (since that is my device's name) and nothing came up, woohoo, but I don't have access to iTunes right now to get my UDID to search based on that. But from the looks of it, I'm not in it.

s2h2golf says: Sep 4, 2012 at 12:09 pm

The Next Web has a tool for checking your UDID against what was released (safer than clicking on that AntiSec link):

http://thenextweb.com/apple/2012/09/04/heres-check-apple-device-udid-com...

Stewartj1 says: Sep 4, 2012 at 10:05 pm

How do you know that tool isn't phishing your data when you use it?

KCMike says: Sep 4, 2012 at 12:47 pm

TSA checkpoints, FBI tracking, & Indefinite Detention? Yep, Welcome to America.

Raptor007 says: Sep 4, 2012 at 1:24 pm

If not for the hackers either (white hat or black hat) releasing what the gov't is hiding and doing then we would never know about it would we? I don't appreciate having my UDID or other identifiable information kept on me let alone released by hacker groups. Would you rather not know about the level and extent of the US Government's spying on US citizens in the name of security?

While we all have nothing to hide we also have an expectation of privacy, or do we . . .

iDonev says: Sep 4, 2012 at 7:33 pm

The 9/11 scare gave police all the power they could possibly want... the Patriot Act and the rising police state being the two easiest examples.

GlennRuss says: Sep 4, 2012 at 10:03 pm

Another Fine example of the lack of a java fix. They need to address this, and stop acting like they do not have problems.

lungho says: Sep 4, 2012 at 10:38 pm

Ahhhh what the hell, not like it's a secret anymore.....414-46-5285
