funsec mailing list archives
Re: FBI hack yielded 12 million iPhone and iPad IDs, Anonymous claims
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 4 Sep 2012 17:34:17 -0400
"FBI Says AntiSec Hackers Lied About List of iPhone ID Numbers," http://allthingsd.com/20120904/fbi-says-antisec-hackers-lied-about-list-of-iphone-id-numbers/ The FBI has shot down today’s claim by the AntiSec hacking group that it breached an agency-owned computer and stole a database said to contains some 12 million unique ID numbers for iPhones and iPads around the world. Here’s the statement straight from an FBI spokesperson, only five minutes ago: "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data." ... On Tue, Sep 4, 2012 at 11:51 AM, Jeffrey Walton <noloader () gmail com> wrote:
Not sure how much of this is true, but the FBI does have a history of violations against US citizens. http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/ Hackers associated with Anonymous claim to have swiped more than 12 million Apple iPhone and iPad device identifiers from an FBI computer. Someone using the banner of AntiSec — a 14-month-old joint operation of Anonymous and LulzSec — posted a document to Pastebin on Monday that contained links to around a million Apple unique device identifiers (UDIDs). The anonymous poster said the release was intended to highlight the FBI's alleged tracking of Apple customers. "We never liked the concept of UDIDs since the beginning indeed," the post read. "Really bad decision from Apple. Fishy thingie." Every iOS device has a UDID. The number was put in place so developers and mobile advertising networks could track user behaviour. However, over the last year Apple has been phasing out apps' access to UDIDs, as the numbers were sometimes being transmitted to third parties without users' consent. According to the post, which was linked to from a well-known Anonymous Twitter account, the hackers got into the Dell laptop of FBI special agent Christopher Stangl during the second week of March this year. Stangl works at the FBI's New York field office, and has been a prominent face in the agency's cybersecurity recruitment efforts. AntiSec said the hack, which apparently exploited a Java vulnerability, yielded a CSV file containing "a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service [APNS] tokens, zipcodes, cellphone numbers, addresses, etc". 1,000,001 released The hackers said they were publishing 1,000,001 of the UDIDs and APNS tokens as that was "enough to release". They stressed that they had stripped out the other personal data held in the file, noting that not all the listed devices have the same amount of personal data linked. "We have learnt it seems quite clear nobody pays attention if you just come and say 'hey, [the] FBI is using your device details and info and who... knows [why they are] experimenting with that'," the document read. "We could have released mail and a very small extract of the data. Some people would eventually pick up the issue but well, let's be honest, that will be ephemeral... Eventually, looking at the massive number of devices concerned, someone should care about it." The hackers added that it was "the right moment" to release the data as Apple was currently looking for alternatives to the UDID system. "In this case it's too late for those concerned owners on the list," the document read. "We always thought it was a really bad idea. That hardware coded IDs for devices concept should be eradicated from any device on the market in the future." The document, which is written in slightly broken English, has near its end an insult about US presidential candidate Mitt Romney, written in German.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- FBI hack yielded 12 million iPhone and iPad IDs, Anonymous claims Jeffrey Walton (Sep 04)
- Re: FBI hack yielded 12 million iPhone and iPad IDs, Anonymous claims Kyle Creyts (Sep 04)
- Re: FBI hack yielded 12 million iPhone and iPad IDs, Anonymous claims Jeffrey Walton (Sep 04)