September 5, 2012
The identification codes for one million Apple iPhones and iPads are now online courtesy of hackers associated with Anonymous, the group who, purportedly, pilfered the information from an FBI agent’s laptop.
The FBI, however, is denying allegations they ever had any data, let alone information on 12 million iOS devices, as the hackers claim.
A hacker, under the umbrella of AntiSec – a 14-month-old joint operation of Anonymous and LulzSec – posted a file to Pastebin Monday containing links to roughly one million Apple unique device identifiers (UDIDs).
The post alleged that the hackers gained access to the Dell laptop of FBI special agent Christopher Stangl in March of this year. Stangl, according to news reports, works at the New York field office and has been instrumental in the FBI’s cybersecurity recruitment efforts.
FBI officials said Tuesday the bureau never asked for, and never possessed the database AntiSec posted on Pastebin. They also said that the authenticity of the data that AntiSec released could not be verified.
The hacker said “a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service (APNS) tokens, zip codes, cellphone numbers, addresses, etc.” were harvested by exploiting a Java vulnerability on the agent’s laptop.
The anonymous poster said although the original file contained more than 12 million devices “we decided a million would be enough to release” to draw attention to the FBI’s alleged tracking of Apple customers.
“We trimmed out other personal data as, full names, cell numbers, addresses, zip codes, etc.,” the post said. “Not all devices have the same amount of personal data linked. Some devices contained a lot of info, others no more than zip codes …
“In this case it’s too late for those concerned owners on the list,” the post continued. “We think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently … We never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple.”
All iOS devices have a UDID to allow developers and mobile advertising networks to follow user behavior. Apple has said it has, over the past number of months, been phasing out the access to UDIDs because the numbers could be broadcast to third parties without the users’ permission.