Wednesday, September 5, 2012

Check if your Apple UDID is among the ones Leaked

You can now check if any of your Apple devices’ UDID is among the one million Apple device Unique Device Identifiers (UDIDs) that were dumped online recently. The Next Web has come up with a search tool that can help you find out if your device’s UDID is among the ones leaked.

Hackers associated with the well-known hacktivist group, Anonymous, recently dumped one million UDIDs belonging to Apple devices online. In the Pastebin dump, where the hackers from AntiSec dumped the UDIDs, they reveal that the original file carried information from around 12,000,000 devices, but they found a million of them to be enough to leak online.

The search tool allows you to input a part of your UDID and searches the database of the one million leaked UDIDs for matches. You can enter your complete UDID too, but The Next Web states that since the tool does not operate via a secured connection, it is advisable to input only a part of your device’s UDID. If you need help in figuring out how to get your UDID, click here.

“To check your device, just input your UDID/UUID into the form and we’ll run it against the database. The more characters you enter from your UDID, the more accurate your result will be. We do not store UDIDs entered, but as this is not transmitted over SSL, if you are concerned about your security, please enter just part of your UDID,” The Next Web states.
AntiSec states that the UDIDs were recovered from an FBI agent’s laptop. "We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc. not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset," the Pastebin dump reads.

According to the Pastebin dump, in the second week of March this year, a Dell Vostro notebook that was being used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team had been broken into, using the AtomicReferenceArray Java vulnerability. During a shell session, they downloaded some files from one of the folders on Stangl’s desktop called NCFTA_iOS_devices_intel.csv. This file contained data about 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of the devices, types of the devices, Apple Push Notification Service tokens, zipcodes, cellphone numbers, and addresses.

The hackers make it quite clear that did not appreciate the concept of UDIDs right from the beginning. "Really bad decision from Apple. fishy thingie," they add.
Source : Link


Post a Comment