Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop

forcewithme said:
1. A dev creates an app
2. 1+ million buys/downloads the app (did you see the missing 11 mln?)
3. The app is collecting all this information
4. The dev stores it
5. Anonymous uses SQLi to steal this info
6. Publishes it attributing to FBI agent who hunts Anoymous
Click to expand...

First, not many apps have 12 million copies installed, not even if the app is free. So it is a very well known app like Kindle or Skype.

Second, big app producers don't get raided so much, because they are corporations with lawyers telling them to avoid risks.

Third, corporations don't need to get raided to provide user info. Their lawyers tell them to share it, or Bilderberg tells them to, and they are eager to betray their customers' info because customers are small fries.

Fourth, the FBI wouldn't have such info on hand unless there were an ongoing investigation, e.g. a political policing action, where literally millions of people are suspects.

Therefore this is probably an official betrayal by a big company like Amazon, telling the FBI everyone who has bought a book that condemns politically-connected criminals like Wall St bankers.

----------
stagsknights said:
It's obvious that all of our personal data, credit card #'s, social security numbers are available to those people who are experts at gathering this kind of data. I don't believe there are really ways to FULLY protect yourself from others getting this info if they want it.
Click to expand...

It can be done if you don't mind using Linux. If you want an iOS device however there is one way: Don't use an app unless you wrote it yourself :)

Steps for maintaining privacy:

Watch the TV show on Youtube called Track Me If You Can.

http://www.youtube.com/watch?v=eXkPU9NSfPQ
 
So: what can be done with this information?
(By the FBI, the hacker group, or anyone who downloads the million entries?)
 
wrkactjob said:
Shouldn't Apple restrict the ability of an App developer to take information from a customers device?
Click to expand...

iOS apps can no longer request the UDID from iOS. But we don't know how old this data is, could be from before that rule was instituted.
 
I have no beef with the FBI doing their job, but I do have a major concern with monitoring activities that are not sanctioned by legal means. I would like to see the FISA court, or any warrant authorization document or documents that indicate these 12 million iOS users (presumably Americans since it is the FBI) had reasonable justification for monitoring as would be required for wire tapping. Or I want to know what law makes this legal and where I was notified publicly and or contractually that this activity was authorized.
 
I bet you all the udid's are people that are jail broken and stealing apps. Watch out all you installous users.
 
Akarin said:
How to check if your UDID is in the released list?

1. Download the file from one of these sources:



2. Open a terminal window and type this (replace file.txt with the path/name of the file you just downloaded. You can drag and drop the filename directly in the terminal window):



3. Enter the following password (you can also copy/paste it. Don't worry, you won't see it in the terminal window):



4. Uncompress decryptedfile.tar.gz by double-clicking on it. The file should be located in Users/<your_username>/

5. Open iphonelist.txt

6. Find your iOS device UDID by starting iTunes. When presented with this screen:

Image

...click on the word "Serial number" to reveal your UDID. It should now show this:

Image

7. Copy your UDID and search within the file to check if yours is in it. If you have a question, just ask.
Click to expand...

So my iPhone's bunch of numbers is hacked, so what?
 
Last edited:
But what can we do???

MACRUMORS: write something up on how to be secure. for us little people.

I have nothing to hide but a sense of security is or should be helpful to all.

A black SUV with tinted windows just parked across the street .. . I have to go.
 
AaronEdwards said:
If Apple is giving this information to the FBI, then yes.

Much like that the 1M is a subset of 12M, the 12M can also be a subset of the full set of UDID/etc that the FBI has.

It might come from a dev, but that would mean the following:
1. A dev creates an app
2. 12+ million buys/downloads the app
3. The app is collecting all this information
4. The dev stores it locally
5. The dev gets raided by the FBI
6. The FBI then decides to keep this information and have agents store it on their computers. (If it was evidence, then it would end up locked up somewhere.)

Compare that with this.
1. Apple gives the information to the FBI

See Occam's razor.
Click to expand...

Or:

1. FBI is taking this information from citizens and/or Apple.
 
Steve121178 said:
I used to work for one of the UK's largest networks (I work in I.T.) and the Government used to have a bunch of their servers in our server room. Without going into too much information, the Government can basically take what they want. Some actions required a court order, but there was nothing stopping them doing whatever they wanted. SMS logs, call records, your information - you name it, they have access to it.

All SMS's you send are archived and available for perusal by anyone that wants to look. Ever taken an embarrassing photo and sent it via SMS? It's on the server. Ever sent an SMS message in your life? All of them are archived. They are meant to be deleted after 6 years I think, but they are kept.

All this information can be downloaded to a laptop or whatever. Baring in mind that this information can easily be copied to another laptop and then this laptop can easily be stolen... It's so easy for your personal data to end up in the wrong hands and posted all over the internet, sold to another party or used against you.
Click to expand...

To add to my post, every phone also has an IMEI number. This identifies your phone on the network and this number also allows your phone to be tapped by the Government or whoever wants to eavesdrop. And yes, your network provider willingly gifts this information to your Government to do whatever it wants with this information.

Just press *#06# to see yours.
 
Worried?

The department of homeland security has purchased 1.5 billion hollow tip bullets.

They have files on all of you. All your blog comments are recorded, all your forum posts are recorded. Some of you are of "special interest" to them.

Why does your government need millions of plastic coffins? Why are there so many FEMA camps in the US?

What event will trigger new laws that will cause civil unrest?

Just who are these government agencies accountable to?

Back in the 1980's when I used to be a military policeman, each platoon had at their barracks, safes containing lists of names of people who were to be rounded up, if we were ever at war with the soviets, these people were union types, college lecturers, politically active types, basically anybody who could be considered a risk to the Realm. It was our job to round these people up and detain them, before deploying to west Germany. These were paper lists, expand that potential a million fold with computers.

Government is not in the business of keeping you safe, its in the business of maintaining the status quo.

Laugh as much as you like, you've already lost so many civil liberties since 2000. What next? Just keep believing that they need this info to keep YOU safe. Baaaaaa:rolleyes:
 
I guess both Apple and the FBI need to release statements on this ASAP.
FBI on how they got their hands on these, Apple on if they are the source or not.
 
huges84 said:
The Next Web has built a website where you simply paste your UDID to check if it was leaked. They claim not to store the UDID.
http://thenextweb.com/apple/2012/09/04/heres-check-apple-device-udid-compromised-antisec-leak/

You can find your UDID by following these dead simple instructions:
http://whatsmyudid.com/
Click to expand...

Trying not to be too cynical, but these guys will have a small database of UDIDs soon :rolleyes:

I was thinking what a hacker could do with this database, and I cannot really think of anything. All that you would have is a list of a million UDIDs of iOS devices, and you would know that they found their way onto an FBI owned computer. A UDID on its own is harmless, it is only dangerous when it can be connected to other information. And when you have lots of "other information", you can put together all the information about some UDID and do things with it. But here the only connected information is "UDID turned up on an FBI computer".
 
rotax said:
I have no beef with the FBI doing their job, but I do have a major concern with monitoring activities that are not sanctioned by legal means. I would like to see the FISA court, or any warrant authorization document or documents that indicate these 12 million iOS users (presumably Americans since it is the FBI) had reasonable justification for monitoring as would be required for wire tapping. Or I want to know what law makes this legal and where I was notified publicly and or contractually that this activity was authorized.
Click to expand...

Who said anything about the FBI monitoring you? All it says is that they have a database which may have some information on you. The government has plenty of databases on you already, and you know this. The IRS has one. The Social Security administration has one. There used to be a big database that had lots of information on everyone and was publicly available-- it was called "The Phone Book." It's nothing new. Obviously the FBI maintains all sorts of general population databases, which are helpful in tracking down actual criminal activity when it occurs. It doesn't mean they are monitoring everyone in each database.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back