AntiSec releases 1 million Apple device IDs
Anonymous hacker group claims to have lifted many more from an FBI laptop in March.
The Anonymous hacker group known as AntiSec has released more than 1 million Apple device identification numbers after allegedly swiping them from the FBI.
The unique device identifier numbers, or UDIDs, were dumped on PasteBin with a lengthy message criticizing cybersecurity, praising the Syrian rebels, and calling out Gawker reporter Adrian Chen, who has jabbed at the hacker groups in the past.
The identification numbers look real, reported Forbes’ Andy Greenberg, who downloaded the data and found that it included character strings resembling UDIDs. These identification numbers are regularly used by applications run on Apple devices as a way for users to log in. While they are a quick and easy way for users to interact with software, often unknowingly, the UDIDs are extremely vulnerable, reported Aldo Cortesi, a researcher who has published numerous studies on the abuse of UDIDs since May 2011.
“In a sample of 94 apps I tested, 74% silently sent the UDID to one or more servers on the Internet, often without encryption,” Cortesi wrote in September 2011.
The UDIDs were allegedly stolen from an FBI laptop used by special agent Christopher K. Stangl of New York’s Evidence Response Team. AntiSec claims that a Dell notebook used by Stangl was hacked during the second week of March and that the data taken included a file named “NCFTA_iOS_devices_intel.csv”, said to contain more than 12 million UDIDs, device names, device types, Apple Push Notification Service tokens, ZIP codes, cell phone numbers, and addresses.
“so the big question: why [are we] exposing this personal data? well we have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that,’” AntiSec wrote on PasteBin. “but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it.”
One person who cares is Cortesi, who called this leak the “tip of the iceberg” in a post Tuesday.
“Negotiating disclosure and trying to convince companies to fix their problems has taken literally months of my time, so I’ve stopped publishing on this issue for the moment. It’s disheartening to say it, but some of the companies mentioned in my posts still have unfixed problems (they were all notified well in advance of any publication),” Cortesi wrote. “I’ve often been asked ‘What’s the worst that can happen?’. My response was always that the worst case scenario would be if a large database of UDIDs leaked… and here we are.”
In April, Apple began rejecting applications that used the UDID.
Update: All Things Digital reports that the FBI refuted AntiSec’s claims with the following statement.
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.