Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop
- Thread starter MacRumors
- Start date
- Sort by reaction score
The same people who are complaining about this are on Facebook, Twitter, and use Google services. Nothing is private anymore.
Luckily I live in the UK, so all I have to worry about is my health records getting lost on a train.
Anyway.
The authorities make our business their business, that's not new news. The question is, how did they get all this information in the first place?
Some have speculated it could be a collaboration between Apple and Facebook helping the FBI. The Facebook app has phone numbers and full names already, so if Apple let in a Facebook app that gathered the UDID info from the iPhone they could collect this data for their FBI friends.
Of course it could also just be data directly from Apple due to people registering all their details when they first plug the device into iTunes.
I'd like to know some more definite answers on that front though.
Anyway.
The authorities make our business their business, that's not new news. The question is, how did they get all this information in the first place?
Some have speculated it could be a collaboration between Apple and Facebook helping the FBI. The Facebook app has phone numbers and full names already, so if Apple let in a Facebook app that gathered the UDID info from the iPhone they could collect this data for their FBI friends.
Of course it could also just be data directly from Apple due to people registering all their details when they first plug the device into iTunes.
I'd like to know some more definite answers on that front though.
I couldn't help but notice the hackers properly encrypted the files in 256 with a long hard password, unlike the FBI itself!
The other thing I noticed were the many references by the hackers to freedom fighters we all respect from our "American history". Then of course others in recent news.
The sheer depth of the federal security culture is infathomable and for most folks entirely unavoidable.
The LAAS reference is for all practical purposes real for us all.
This was the tiniest of all leaks and it is still clear.
Rocketman
Not sure if this has been posted already but you can check if your device information was leaked here: http://dazzlepod.com/apple/
I would imagine FBI or other US govt dept would just have a direct back end feed into Apples systems? I mean effectively they can track anyone anytime who has an iOS device and a Internet connection back to apples systems, with things like find my iPhone being able to provide real time tracking without informing the user..
Question is why do FBI allow sensitive information on a users laptop, or did this employee do so without permission? I think it highlights the importance of people having wads of data on their laptop without appropriate protection of the data. Disk encryption only goes so far, still have the weakest link in the chain to deal with (as always), the end user.
Question is why do FBI allow sensitive information on a users laptop, or did this employee do so without permission? I think it highlights the importance of people having wads of data on their laptop without appropriate protection of the data. Disk encryption only goes so far, still have the weakest link in the chain to deal with (as always), the end user.
Ron Paul 2012. 
----------
That's not an exaggeration at all. This stuff is happening every day.
----------
That's not an exaggeration at all. This stuff is happening every day.
I don't think that the fact it was a Dell computer is relevant to the issue at hand. It was a Java vulnerability that was exploited and if I had to guess, I would say that the FBI agent was specifically targeted in order to mine information from him. If he were using a Mac with an un-patched and active Java environment, he would have been just as susceptible.
App developers and Apple collect the information as part of doing business with consumers so I would expect them to have it.
The FBI does no business with me so they should not have this information.
Mine wasnt in the file
So I downloaded the file, opened it in the text editor and did a search for my UDID. Not in there. Could well be one of the other 11 million.
This article just goes to show that the government is:
a) collecting information that they should NOT have. Why they need 12 million UDID's is totally beyond me. I can see why they may have suspects UDID info but if there is no reason to have all of them. You can't tell me all 12 million are a suspect in some crime.
b) not able to securely maintain their records. Yet another reason why in this day and age they should keep their information collecting to a minimum.
I have absolutely nothing to hide but could be subject to hacking efforts simply because the government is inept.
----------
I used this link, downloaded the text file and did a CTRL F search.
http://minus.com/l3Q9eDctVSXW3
So I downloaded the file, opened it in the text editor and did a search for my UDID. Not in there. Could well be one of the other 11 million.
This article just goes to show that the government is:
a) collecting information that they should NOT have. Why they need 12 million UDID's is totally beyond me. I can see why they may have suspects UDID info but if there is no reason to have all of them. You can't tell me all 12 million are a suspect in some crime.
b) not able to securely maintain their records. Yet another reason why in this day and age they should keep their information collecting to a minimum.
I have absolutely nothing to hide but could be subject to hacking efforts simply because the government is inept.
----------
I used this link, downloaded the text file and did a CTRL F search.
http://minus.com/l3Q9eDctVSXW3
So you're ok with the FBI somehow getting this information?
We still have no idea on how the FBI got the information.
It may have been:
1. directly from Apple.
2a. It may have been from some dev who collected the information
2b. The FBI gets it from the carrier
3. The FBI may have hacked Apple (AND I DON'T BELIEVE THAT).
1. Then the blame is rather obvious, isn't it?
2a+b. Should Apple be blamed for allowing devs collect and store this kind of information and/or sending the information so that it can be collected by a third party?
3. Should Apple be blamed for lousy security?
Edit: I'm not arguing that Apple is solely to be blamed.
I do hope there was more that you did rather than just download a file and search on it
I do hope you decrypted, decompressed and dearchived the file.
http://pastebin.com/nfVT7b0Z
Scroll down to "lulz and candy" and it tells you how to download the file.
You can also check if your device was included in the leak here: http://dazzlepod.com/apple/
4. The FBI retrieved evidence of a crime, then the laptop got nicked.
Sounds like incompetence not a crime.
http://dazzlepod.com/apple/
----------
How is information from 12,000,000 random iPhone users evidence from a crime?
And the laptop wasn't stolen, it belongs to an FBI agent and it was hacked through a Java exploit.
You do not need APNS Tokens unless you are monitoring. This token is not just information in a database, its information that should be protected unless you have a need to know it and authorization to use it. It is for monitoring.
http://developer.apple.com/library/...ionsPG/ApplePushService/ApplePushService.html
The FBI has your social security numbers, fingerprints, and a ton of other sensitive information - UDIDs are the least of our worries.