- Is that Rosa Parks in random Twitter user’s baby photo? Tuesday 8:24 PM
- Syracuse students say white supremacist manifesto was AirDropped to them Tuesday 7:44 PM
- Florida woman gets prison time for throwing slushie at Matt Gaetz Tuesday 6:28 PM
- Marie Kondo’s online store slammed for selling clutter-worthy products Tuesday 5:34 PM
- People are rallying against toxic masculinity on International Men’s Day Tuesday 4:42 PM
- Reddit wants to stop its pro-Trump forum from outing the alleged whistleblower Tuesday 3:38 PM
- White woman calls cops on man who said he was visiting aunt with his kids Tuesday 3:12 PM
- ‘The Stranded’ is a flawed yet addictive blend of ‘Degrassi’ and ‘Lost’ Tuesday 2:45 PM
- The ‘gonna tell my kids’ meme is revisionist history at its most absurd Tuesday 2:24 PM
- Redditor asks former burglars to give home security tips Tuesday 2:18 PM
- Facebook-Breitbart partnership under fire in wake of new Stephen Miller emails Tuesday 2:00 PM
- John Krasinski under fire after praising the CIA Tuesday 1:46 PM
- Conservatives melt down after Chick-fil-A says it will stop donating to anti-LGBTQ orgs Tuesday 1:33 PM
- ‘Honey Boy’ is an experimental look at channeling trauma Tuesday 1:28 PM
- Disney+ now allows users to resume and restart content Tuesday 11:42 AM
Leaked Apple device IDs came from app developer, not FBI
Although AntiSec hackers claim they stole 1 million Apple device ID numbers from the FBI, a digital publishing company has come forward as the real source of the leak.
A Florida publishing company has taken responsibility for the leaked Apple device identification numbers that were originally claimed to be stolen from a FBI laptop.
Paul DeHart admitted to NBC News that around 1 million unique device identifier numbers, or UDIDs, were stolen from his company’s database and not from an FBI laptop cracked by Anonymous-affiliated hacker group AntiSec. The FBI previously denied having access to UDIDs, and Apple denied sharing the numbers with the agency.
To prove his company was the source of the leak, DeHart downloaded the data released by AntiSec and compared it to that on his company’s computers. There was a 98 correlation between both batches of information, DeHart told NBC.
“That’s 100 percent confidence level, it’s our data,” DeHart added. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”
UDIDs are regularly used by applications run on Apple devices as a way to identify users—for example, to send iMessages and push notifications to the proper device. While they are a quick and easy way for users to interact with software (often unknowingly) the UDIDs are extremely vulnerable, reported Aldo Cortesi, a researcher who has published numerous studies on the abuse of UDID since May 2011.
DeHart was tipped off to the security breach by independent researcher David Schuetz who believes the data was stolen sometime in the last two weeks. This further contradicts AntiSec’s claims that the information was stolen in March.
BlueToad is an app developer that provides services to more than 5,000 publishers, who have released more than 10,000 titles.
The company does not have plans to notify Apple users that their UDIDs have been compromised and doesn’t believe the leak is a major risk to user security.
“Honestly, the UDID information by itself isn’t harmful, as far as we know,” he told NBC. “I can’t say anything is impossible, but the reality is, to push notifications to a device, you need certain keys, certain Apple credentials. You have to have a developer’s account with Apple. … So there are lots of processes in place, measures to keep the average ‘anybody’ from being able to take UDIDs and begin doing something with that information.”
Image via BlueToad
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.