Apple Denies Giving UDIDs to FBI

Source: The new iPad and iPhone 4S | Apple

After the hacking group AntiSec claimed that they were able to obtain more than 12 million unique identifiers for Apple devices from a compromised FBI laptop, the Cupertino-based company issued a statement saying that it did not provide any UDIDs to the agency. According to the company’s spokesperson Natalie Kerris:

The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionaly, with the iOS 6 we introduced a new set of APIs meant to replace the use of UDID and will soon be banning the use of UDID.

Users’ UDID codes are available to app developers, although they only have limited access, and it usually doesn’t include personal information. In relation to this, Apple announced last August 2011 that it will be ending UDID access with iOS 5, effectively ending issues on OS-wide user tracking.

AntiSec and the Compromised Apple UDIDs

The company issued the statement after AntiSec leaked one million UDIDs for iPhone and iPad earlier this week. It said that the identifiers were stolen from a compromised FBI laptop and that it total to almost 12.4 million UDIDs.

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned up to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), users names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

On the other hand, the agency denies the claims and points out that the hacker group’s accusations were false. They have also distanced themselves from gathering private information, saying that there’s no evidence pointing the FBI with the rumored UDID leak. Based on their official statement:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

In response to this, AntiSec warned the agency that the leaked Apple UDIDs is just the beginning. Meanwhile, this news could have an implication on buyers’ reception of Apple’s next-generation iPhone, but that’s something that remains to be seen.

Leave a Comment