- The ‘Smooth Bernie’ conspiracy is false, but the memes are fire Friday 3:59 PM
- Trump says he wants to raise the vaping age to 21 Friday 3:07 PM
- ‘The Mandalorian’ comes to a crossroads in Chapter 3 Friday 1:11 PM
- Apple TV’s ‘Servant’ will make you scared of reborn dolls Friday 1:05 PM
- Lindsey Graham roasted for turning his back on a veteran Friday 12:52 PM
- Scooter Braun asks Taylor Swift for ‘resolution’ after allegedly getting death threats Friday 12:35 PM
- ‘Frozen 2’ plays it safe and lacks the magic of the original Friday 12:19 PM
- Graphic video shows police pinning man face-down in subway station Friday 12:18 PM
- Mini-documentary shows Trump supporters clashing at Denny’s Friday 11:52 AM
- Here’s why ‘Furry and Proud’ is trending on Twitter Friday 11:16 AM
- Sacha Baron Cohen calls tech giants the ‘greatest propaganda machine in history’ Friday 11:04 AM
- ‘Resistance Reborn’ is a must-read before ‘The Rise of Skywalker’ Friday 10:14 AM
- Stephen Miller should be fired, more than 100 lawmakers say Friday 9:56 AM
- YouTube star Bretman Rock goes off on fans who wanted selfies during his dad’s funeral Friday 9:14 AM
- The U.S. Army is reevaluating its use of TikTok after security concerns Friday 8:45 AM
AntiSec releases 1 million Apple device IDs
Anonymous hacker group claims to have lifted many more from an FBI laptop in March.
The Anonymous hacker group known as AntiSec has released more than 1 million Apple device identification numbers after allegedly swiping them from the FBI.
The unique device identifier numbers, or UDIDs, were dumped on PasteBin with a lengthy message criticizing cybersecurity, praising the Syrian rebels, and calling out Gawker reporter Adrian Chen, who has jabbed at the hacker groups in the past.
The identification numbers look real, reported Forbes’ Andy Greenberg, who downloaded the data and found that it included character strings resembling UDIDs. These identification numbers are regularly used by applications run on Apple devices as a way for users to log in. While they are a quick and easy way for users to interact with software often unknowingly, the UDIDs are extremely vulnerable, reported Aldo Cortesi, a researcher who has published numerous studies on the abuse of UDID since May 2011.
“In a sample of 94 apps I tested, 74% silently sent the UDID to one or more servers on the Internet, often without encryption,” Cortesi wrote in September 2011.
The UDIDs were allegedly stolen from a FBI laptop used by special agent Christopher K. Stangl of New York’s Evidence Response Team. AntiSec claims that a Dell notebook used by Stangl was hacked during the second week of March, including a file named “NCFTA_iOS_devices_intel.csv” said to contain more than 12 million UDIDs, name of devices, type of device, Apple Push Notification Service tokens, ZIP codes, cell phone numbers, and addresses.
“so the big question: why [are we] exposing this personal data? well we have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that,’” AntiSec wrote on PasteBin. “but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it.”
One person who cares is Cortesi, who called this leak the “tip of the iceberg” in a post Tuesday.
“Negotiating disclosure and trying to convince companies to fix their problems has taken literally months of my time, so I’ve stopped publishing on this issue for the moment. It’s disheartening to say it, but some of the companies mentioned in my posts still have unfixed problems (they were all notified well in advance of any publication),” Cortesi wrote. “I’ve often been asked ‘What’s the worst that can happen?’. My response was always that the worst case scenario would be if a large database of UDIDs leaked… and here we are.”
In April, Apple began rejecting applications that used the UDID.
Update: All Things Digital reports that the FBI refuted AntiSec’s claims with the following statement.
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Photo by Newtown grafitti/Flickr
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.