Information Security News mailing list archives

AntiSec claims to have snatched 12M Apple device IDs from FBI


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Sep 2012 05:20:30 -0500 (CDT)

http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/

By Steven Musil
CNET News
Security & Privacy
September 3, 2012

An online hacker group associated with Anonymous claims to have posted 1 million Apple Unique Device Identifiers (UDIDs) by breaching FBI security.

UDIDs are the unique strings of numbers that individually identify each iOS device and were formerly used by developers to track their app installations across Apple's user base.

In all, AntiSec claims to have obtained more than 12 million UDIDs, including user names, addresses, and notification tokens from a laptop used by an FBI agent. In a missive posted to Pastebin, the hacking group explains how it obtained the data from an FBI agent's laptop:

    During the second week of March 2012, a Dell Vostro notebook, used
    by Supervisor Special Agent Christopher K. Stangl from FBI
    Regional Cyber Action Team and New York FBI Office Evidence Response
    Team was breached using the AtomicReferenceArray vulnerability on
    Java, during the shell session some files were downloaded from his
    Desktop folder one of them with the name of
    "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232
    Apple iOS devices including Unique Device Identifiers (UDID), user
    names, name of device, type of device, Apple Push Notification
    Service tokens, zipcodes, cellphone numbers, addresses, etc. the
    personal details fields referring to people appears many times
    empty leaving the whole list incompleted on many parts. no other
    file on the same folder makes mention about this list or its
    purpose.

Although Apple has already said it would begin restricting developer access to the identifiers, the Pastebin post says the group posted the data out of suspicion that the FBI was using the UDIDs for nefarious purposes, such as people tracking, as well as to protest the use of UDIDs in general.

[...]


