Apple Device IDs Hacked by Anonymous


 

It appears Anonymous and/or Anonymous-related teams are at it again. This time, over 12 million Apple iPhone and iPad device identifiers have been stolen from an FBI computer.

Specifically, the AntiSec project, a joint project consisting of Anonymous and LulzSec members, is behind it. An anonymous poster on Pastebin said on Monday that the release was intended to highlight the FBI’s alleged tracking of Apple customers. They also posted a document that contains links to approximately a million Apple unique device identifiers (UDIDs) worldwide.

 

“We never liked the concept of UDIDs since the beginning indeed,” the post read. “Really bad decision from Apple. Fishy thingie.”
What is a UDID? The number was created and used so that developers, social media apps, mobile advertising networks, etc. could track user behavior. Over the course of the last year, Apple has been eliminating various apps’ access to these UDIDs, since the IDs were sometimes being transmitted to third parties without any warning or consent, a huge privacy no-no, as we have recently learned, especially regarding the Netflix lawsuit.

The post, which was posted from an Anonymous Twitter account, went on to say that the hackers got inside a laptop belonging to FBI special agent Christopher Stangl back in March. He works in the FBI’s New York field office and has worked extensively on the agency’s cybersecurity recruitment efforts.

 

AntiSec said that this hack, which exploited a known Java vulnerability (big surprise there, eh?), provided a list which has been described as “a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.” A huge leak and some extremely sensitive information.

 

They also went on to say that they were publishing 1,000,001 of the UDIDs and APNS tokens, as that would be “enough to release”. They explicitly stressed that they had taken out much of the other personal data held in the file, going on to explain that not all of the listed devices have the same type of personal data linked to them.

 

They are quoted explaining: “We have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who… knows experimenting with that’,” the document read. “We could have released mail and a very small extract of the data. Some people would eventually pick up the issue but well, let’s be honest, that will be ephemeral… Eventually, looking at the massive number of devices concerned, someone should care about it.”
According to the hackers, since Apple has been looking into a new alternative to the UDID system, the time was right to release this data.

“In this case it’s too late for those concerned owners on the list,” the document read. “We always thought it was a really bad idea. That hardware coded IDs for devices concept should be eradicated from any device on the market in the future.”
