|Home » Industry Watch (» The Technological » Hall of Monkeys » Heroes Banquet)
Roundup: Apple UDIDs
'A lazy implementation.'
CUPERTINO (Rixstep) — Apple designers are having a good run of it. New Zealander Aldo Cortesi's been warning about Apple's issue with UDIDs for sometime, calling Apple's implementation 'lazy'. The scheme made it patently easy for websites and app makers to mine personal info. He even published an article exposing how easy it was to 'game' Apple's Game Centre.
Suddenly by 3 September it's no longer something AAPL fans can shrug off: AntiSec published 1,000,001 UDIDs belonging to Apple iPads and iPhones. The dump was part of a tranche of over 12,000,000 they'd got from a spreadsheet on the laptop of one FBI agent Christopher Stangl, who purportedly had user names, device names, device types, Apple push notification service tokens, zip codes, mobile phone numbers, and addresses.
If you want to better understand what UDIDs are all about, listen to Cortesi's interview (link below).
The Next Web have published a 'safe' way to see if your Apple UDID's been leaked - but this of course covers only the one million UDIDs published by AntiSec and not the over 12,000,000 in the hands of the FBI. So yes, it's somewhat lame.
But is it possible to know if your Apple UDID is in the hands of the FBI? Yes! That's easy!
- Do you own an Apple iPad or iPhone?
- You do? Then they've got it.
As simple as that.
Par:AnoIA: Decrypted AntiSec file
cortesi: How UDIDs are used: a survey
cortesi: Why the Apple UDID had to die
cortesi: The UDID leak is a privacy catastrophe
cortesi: mitmproxy: A 30-second client playback example
cortesi: mitmproxy: Breaking Apple's Game Center with replay
Pastebin: SPECIAL #FFF EDITION - ANONYMOUS
NBC News: Hackers leak 1 million Apple device IDs
PSKL: An Analysis of Application Transmission of iPhone UDIDs
The Next Web: Here's how to check if your Apple device UDID has been compromised by the AntiSec leak
CBS News: Anonymous hackers claim to have obtained 12 million iPhone and iPad IDs from FBI computer
Network Security Podcast: Interview with Aldo Cortesi