Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop

[munkery]

Maybe this data is related to the recent incident of malware in the iOS app store.

That malware wasn't an overly serious threat but I suspect that it is under some sort of investigation.

I wonder if the data is the information collected by the malware that was used generate the spam in relation to the app.

 

[Orange Furball]

in b4 'Steve would have never blah blah blah blah blahed this'

John Scully would have never allowed this.

All that hippie mumbo jumbo cause this.

Darn it the heck Steve! Why'd you come back!?

 

[Jibbajabba]

Am I the only one wondering how you can open an Excel sheet / csv file with 12M rows without Windows blowing up (or any OS for that matter.)

As to a few comments 'IOS user being a threat' (I know it is a joke) - lets face it, it is not that, it is simply the face that IOS stores all the data to begin with, including your shoe size, type of food you like and how often you get comfy with your girlfriend

----------

How to check if your UDID is in the released list?

1. Download the file from one of these sources:



2. Open a terminal window and type this (replace file.txt with the path/name of the file you just downloaded. You can drag and drop the filename directly in the terminal window):



3. Enter the following password (you can also copy/paste it. Don't worry, you won't see it in the terminal window):



4. Uncompress decryptedfile.tar.gz by double-clicking on it. The file should be located in Users/<your_username>/

5. Open iphonelist.txt

6. Find your iOS device UDID by starting iTunes. When presented with this screen:

Image

...click on the word "Serial number" to reveal your UDID. It should now show this:

Image

7. Copy your UDID and search within the file to check if yours is in it. If you have a question, just ask.

And you do what if your UUID is in there ? Panicking, killing yourself, crying for mum, buy a Nokia 5510?

 

[Akarin]

Am I the only one wondering how you can open an Excel sheet / csv file with 12M rows without Windows blowing up (or any OS for that matter.)

With a text editor.

 

[Steve121178]

And this ( or anything similar ) should come as a surprise to anyone why?

Agreed. It's incredible naivety for anyone to be surprised by this sort of thing.

 

[subsonix]

Am I the only one wondering how you can open an Excel sheet / csv file with 12M rows without Windows blowing up (or any OS for that matter.)

You can do text search on unlimited file sizes in the terminal.

----------

Agreed. It's incredible naivety for anyone to be surprised by this sort of thing.

The surprise is that the information was stored in such a way that i could be hacked (assuming the story is true).

 

[robogobo]

I'd like to know if the FBI obtained this info legally, and if so, thank you Patriot Act!

 

[GBrooks]

John Scully would have never allowed this.

All that hippie mumbo jumbo cause this.

Darn it the heck Steve! Why'd you come back!?

Hahahaha!

Also, Hello fellow muser!

 

[Mr. Gates]

How to check if your UDID is in the released list?

1. Download the file from one of these sources:



2. Open a terminal window and type this (replace file.txt with the path/name of the file you just downloaded. You can drag and drop the filename directly in the terminal window):



3. Enter the following password (you can also copy/paste it. Don't worry, you won't see it in the terminal window):



4. Uncompress decryptedfile.tar.gz by double-clicking on it. The file should be located in Users/<your_username>/

5. Open iphonelist.txt

6. Find your iOS device UDID by starting iTunes. When presented with this screen:

Image

...click on the word "Serial number" to reveal your UDID. It should now show this:

Image

7. Copy your UDID and search within the file to check if yours is in it. If you have a question, just ask.

Steps on a Windows machine ?

 

[chaosbunny]

It drives me crazy when people talk badly about the people who keep us safe. ... , but god dammit I respect them and know that they work hard to keep us safe every day.

Do you also believe in Santa Claus, the Tooth Fairy and the Easter Bunny?

To anyone who follows news and is a little bit informed about politics it shouldn't come as a surprise that governments these days collect, monitor and profile every bit of data they can get. And no they don't need individuals to look through the millions of files collected, it's profiled and stored automatically. Thanks to cloud computing they now get more data than ever. No one should be put under surveillance for no reason - but it's happening anyway. We are all suspects and it's not happening to "keep us safe". If they wanted to "keep us safe" the government should leave us in peace.

 

[Steve121178]

I'd like to know if the FBI obtained this info legally, and if so, thank you Patriot Act!

I used to work for one of the UK's largest networks (I work in I.T.) and the Government used to have a bunch of their servers in our server room. Without going into too much information, the Government can basically take what they want. Some actions required a court order, but there was nothing stopping them doing whatever they wanted. SMS logs, call records, your information - you name it, they have access to it.

All SMS's you send are archived and available for perusal by anyone that wants to look. Ever taken an embarrassing photo and sent it via SMS? It's on the server. Ever sent an SMS message in your life? All of them are archived. They are meant to be deleted after 6 years I think, but they are kept.

All this information can be downloaded to a laptop or whatever. Baring in mind that this information can easily be copied to another laptop and then this laptop can easily be stolen... It's so easy for your personal data to end up in the wrong hands and posted all over the internet, sold to another party or used against you.

 

[craznar]

Steps on a Windows machine ?

Install a VMWare linux appliance (Ubuntu is good) - then follow instructions.

 

[Peace]

Ok. Mine's not listed but I'd still like to know what the FBI was doing with 12 million UDID's from iPhones.

 

[swingerofbirch]

Mine is also in the list. I'd be interested to find out why they have it... What's the point of the FBI having this data? Why did apple give it to them? I don't really like this.

They know what you did last summer.

 

[craznar]

And you do what if your UUID is in there ? Panicking, killing yourself, crying for mum, buy a Nokia 5510?

September 12th - I hear something is happening that day

Oh, and I'm sure your mother in law wouldn't mind a phone as a present ?

----------

I don't really like this.

From my understanding:

1. 12 million is about 1% of the total iPhone/iPads sold?
2. The US has 1% of its population behind bars
THUS IT FOLLOWS
3. That 1% of Apple users are criminals, so the FBI is ok having their data.

Makes perfect logical sense to me

 

[Watabou]

With a text editor.

Or just grep/ack it. It took vim a LOT of time to open that file.

You can just search for the UDID or your iPhone's name.

Just enter this in the terminal to search:

cat iphonelist.txt | grep -i "insert your iPhone's name or UDID here"

without the quotes and it will highlight if it finds a match.

Thankfully, mine wasn't in there.

 

[Jazwire]

With Holder as head of DOJ, is anyone really that surprised?

 

[monoskier]

To anyone who follows news and is a little bit informed about politics it shouldn't come as a surprise that governments these days collect, monitor and profile every bit of data they can get. And no they don't need individuals to look through the millions of files collected, it's profiled and stored automatically. Thanks to cloud computing they now get more data than ever. No one should be put under surveillance for no reason - but it's happening anyway. We are all suspects and it's not happening to "keep us safe". If they wanted to "keep us safe" the government should leave us in peace.

ACME called. Your tinfoil hat should arrive next week.

 

[pysl]

Which division in FBI? the Fringe Division?

 

[TheWhiteBox]

Mine isn't part of this 1M set. Would love to know if its part of the 12M set.

The UDID/APNS token seem to be mostly useless to a hacker, but the real question is, how did the FBI get this info and what are they using it for? And also, how did they get the additional info (email, name, phone number, addresses) that Antisec stripped out?

 

[The Phazer]

[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


Image

Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file found on an FBI laptop back in March.The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.

The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone") and Device Type (e.g. "iPhone"). MacRumors has been able to confirm that the UDIDs appear to be legitimate.

The source of the data is not entirely clear, though the type of data is typical for the kind of information an iOS app developer would collect to deliver push notifications to users. It seems an App developer or developers are the original likely source of the information, though no specific information is yet available.

Err.... why would developers have access to the Device Name as part of their push notification records?

Sigh. Apple. Security. Sigh.

Of course this is the FBI's cock up, but it's one that's made worse by the fact those device names in many cases will leak personally identifying information (like the user's name!) and link it to their UDID.

 

[subsonix]

Or just grep/ack it. It took vim a LOT of time to open that file.

You can just search for the UDID or your iPhone's name.

Just enter this in the terminal to search:

cat iphonelist.txt | grep -i "insert your iPhone's name or UDID here"

without the quotes and it will highlight if it finds a match.

Thankfully, mine wasn't in there.

Or:

grep myUDID iphonelist.csv

I believe that UDIDs are case sensitive, so I suppose the -i flag could give a false positive.

 

[Jibbajabba]

Or just grep/ack it. It took vim a LOT of time to open that file.

You can just search for the UDID or your iPhone's name.

Just enter this in the terminal to search:

cat iphonelist.txt | grep -i "insert your iPhone's name or UDID here"

without the quotes and it will highlight if it finds a match.

Thankfully, mine wasn't in there.

Let me ask again - if it was - are you killing yourself, throw away your phone or passport or what? Some people should just calm down or live in a cave. You are online, so your details are somewhere and someone can access it. I mean hell, no one complains about googles T&Cs saying that they can do with your data what they want because it's on their server. Ignorance is a brilliant savety tool

 

[koobcamuk]

Go back to bed America, your Government is in control.

 

[chaosbunny]

ACME called. Your tinfoil hat should arrive next week.

Wow, how original! ACME called. Your brain should arrive next week. When it's here you can maybe get something called "book" or "newspaper" and start using it. It might be scary at first, but it's worth it!