FBI Denies Claims of Hacked UDID Apple Database from Agent’s Laptop

Federal Bureau of Investigation

Source: Federal Bureau of Investigation | Wikipedia

Less than one day after hacker group AntiSec claimed that they’ve found more than 12 million Apple unique device identification numbers on a rumored compromised agency laptop, the Federal Bureau of Investigation refuted the claims and denied the group’s allegations.

Leaked Apple UDIDs

Last Tuesday, AntiSec published what they claimed as 1,000,001 unique device identifiers that belong from cellular-enabled Apple iPhones and iPad. The group even added that the leak is just a small portion of more than 12 million unique IDs that were allegedly stolen from an FBI laptop.

They also noted that the leaked UDIDs have varying amounts of associated personal data. This includes zip codes and other comprehensive data sets, such as full names and addresses. It was stated that the UDIDs were discovered and lifted during the breach of an FBI agent’s notebook. According to their post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned up to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), users names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

Users’ UDID codes are available to app developers, although they only have limited access, and it usually doesn’t include personal information. In relation to this, Apple announced last August 2011 that it will be ending UDID access with iOS 5, effectively ending issues on OS-wide user tracking.

On the other hand, the agency denies the claims, pointing out that there’s no evidence that ties them to the said UDID leak.

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

However, the agency’s denial raises questions of where the leaked UDIDs came from, as some of the unique identifiers were verified as legitimate. It will also be a wonder to many iDevice users how or why the agency is securing the Apple UDIDs. AntiSec, on the other hand, warned FBI that the leaked Apple UDIDs is just the beginning.

Leave a Comment