Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop
http://www.macrumors.com/2012/09/04/hackers-release-1-million-ios-device-udids-obtained-from-fbi-laptop/Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file found on an FBI laptop back in March.
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.
The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone"
and Device Type (e.g. "iPhone" . MacRumors has been able to confirm that the UDIDs appear to be legitimate.
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.
The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone"
and Device Type (e.g. "iPhone" . MacRumors has been able to confirm that the UDIDs appear to be legitimate. Not much can be done with the UDIDs, however this is a bit alarming that data such as this could be gleaned from a stolen laptop.
7 replies
= new reply since forum marked as read
= new reply since forum marked as read
The privacy risks, however, typically come from these ids being used across ad networks and apps to piece together a more complete picture of activity and interests of the user. But it was reported back in 2011 that by leveraging existing networks, information and even login access can be obtained from UDIDs.
In case if someone is wondering..Yes Antisec claims to have the personal information associated with each UDID, such as Names, phone numbers , addresses and more.
the UDID implementation is riddled with security loopholes and Apple has been repeatedly criticized for it.
I posted a thread related to the lack of security in Apple's products a while back on DU; here is the link
Loose-lipped iPhones top the list of smartphones exploited by hacker
http://www.democraticunderground.com/1002435802
As a security professional who gets paid to hack into high-value networks, Mark Wuergler often gets a boost when his targets use smartphones, especially when the device happens to be an iPhone that regularly connects to Wi-Fi networks.
That's because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers' MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks.
..
..
The exposure of MAC addresses extends not only to iPhones, but to all Apple devices with Wi-Fi capabilities, he said. It means that whenever the wireless features are enabled and not connected to a network—for instance, during a brief encounter at a Starbucks—they broadcast the unique identifiers, and it's trivial for anyone nearby to record them.
Apple did not respond to our requests for comment for this article.
more here
http://arstechnica.com/apple/news/2012/03/loose-lipped-iphones-top-the-list-of-smartphones-exploited-by-hacker.ars?clicked=related_right
Screenshot of information gleaned from Apple products due to this flaw, by the Security analyst. Hackers have access to this information
Right click and select "view image" to view a high-res version of the image.
Contact details
Called list.
images.
apps..everything is accessible to the hacker.
[IMG]
[/IMG]
Apple's security implementations are much worse than Microsoft's and that of other tech Giants(Contrary to popular opinion, Microsoft has one of the most robust security mechanism's in place..thanks to their decades long battle with hackers/viruses..something that Apple never went through); for the simple reason that most hackers did not target Apple till recently due to its miniscule market share. It's policy of "Security through obscurity" does not work anymore.
