- iPhone overloaded? Here’s how to cancel app subscriptions Monday 11:02 PM
- Fan-created ‘app’ lets users experience the final moments of the ill-fated Jeremy Renner app Monday 10:00 PM
- Milo Yiannopoulos receives lifetime ban from furry convention Monday 7:49 PM
- Snapchat just made all political ads purchased publicly available Monday 6:12 PM
- How to stream Barcelona vs. Borussia Dortmund in Champions League action Monday 5:39 PM
- How to stream Liverpool vs. Napoli in Champions League action Monday 5:19 PM
- How to make real money with Amazon’s Mechanical Turk Monday 5:03 PM
- How to stream Chelsea vs. Valencia in the Champions League group stage Monday 4:47 PM
- ‘SNL’ fires Shane Gillis for racist, homophobic comments Monday 4:41 PM
- Ben Shapiro wants accusers to describe Brett Kavanaugh’s penis Monday 4:30 PM
- Twitch suspends streamer for wearing Chun-Li cosplay Monday 4:11 PM
- Report: 8 years of Trump tax returns subpoenaed by prosecutors Monday 3:45 PM
- Netflix lands exclusive streaming rights to ‘Seinfeld’ Monday 3:34 PM
- Jenny Slate sets first comedy special at Netflix Monday 3:05 PM
- #EndSmearFear is aiming to save lives Monday 2:54 PM
AntiSec releases 1 million Apple device IDs
Anonymous hacker group claims to have lifted many more from an FBI laptop in March.
The Anonymous hacker group known as AntiSec has released more than 1 million Apple device identification numbers after allegedly swiping them from the FBI.
The unique device identifier numbers, or UDIDs, were dumped on PasteBin with a lengthy message criticizing cybersecurity, praising the Syrian rebels, and calling out Gawker reporter Adrian Chen, who has jabbed at the hacker groups in the past.
The identification numbers look real, reported Forbes’ Andy Greenberg, who downloaded the data and found that it included character strings resembling UDIDs. These identification numbers are regularly used by applications run on Apple devices as a way for users to log in. While they are a quick and easy way for users to interact with software often unknowingly, the UDIDs are extremely vulnerable, reported Aldo Cortesi, a researcher who has published numerous studies on the abuse of UDID since May 2011.
“In a sample of 94 apps I tested, 74% silently sent the UDID to one or more servers on the Internet, often without encryption,” Cortesi wrote in September 2011.
The UDIDs were allegedly stolen from a FBI laptop used by special agent Christopher K. Stangl of New York’s Evidence Response Team. AntiSec claims that a Dell notebook used by Stangl was hacked during the second week of March, including a file named “NCFTA_iOS_devices_intel.csv” said to contain more than 12 million UDIDs, name of devices, type of device, Apple Push Notification Service tokens, ZIP codes, cell phone numbers, and addresses.
“so the big question: why [are we] exposing this personal data? well we have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that,’” AntiSec wrote on PasteBin. “but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it.”
One person who cares is Cortesi, who called this leak the “tip of the iceberg” in a post Tuesday.
“Negotiating disclosure and trying to convince companies to fix their problems has taken literally months of my time, so I’ve stopped publishing on this issue for the moment. It’s disheartening to say it, but some of the companies mentioned in my posts still have unfixed problems (they were all notified well in advance of any publication),” Cortesi wrote. “I’ve often been asked ‘What’s the worst that can happen?’. My response was always that the worst case scenario would be if a large database of UDIDs leaked… and here we are.”
In April, Apple began rejecting applications that used the UDID.
Update: All Things Digital reports that the FBI refuted AntiSec’s claims with the following statement.
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Photo by Newtown grafitti/Flickr
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.