Tuesday, September 4, 2012

How to Check if Hackers Got your Apple Device UDID?

Hackers operating under the Anonymous umbrella have leaked more than 1 million Apple iPhone and iPad IDs, which were allegedly swiped from the FBI. On Monday, the Antisec arm of the hacker collective said it had released 1,000,001 unique device identifier numbers (UDIDs) used by Apple, app developers, and ad networks to label iPhone and iPad users.

Image and video hosting by TinyPic

The hackers posted a lengthy message on Pastebin with links to data culled from a larger database of more than 12 million users' personal information. In its message on Pastebin, AntiSec said it had obtained the numbers from the a Dell Vostro laptop allegedly belonging to an FBI special agent named Christopher Stangl from the FBI Regional Cyber Action Team in New York. In 2009, Mr. Stangl appeared in a Facebook promotional video titled “Wanted by the FBI: Cyber Security Experts” that encouraged hackers to get involved with the F.B.I. He was also one of 44 law enforcement agents invited to participate in the F.B.I.-Scotland Yard conference call that hackers intercepted.

Andy Greenberg from Forbes downloaded and decrypted the encrypted files. While there is no simple way to confirm the authenticity or source of the data, he found an enormous list of 40-character strings composed of numbers and letters A through F.

Each line comes with what Anonymous says is an Apple Push Notification badge, as well as a username and a note signifying the accompanying device.

Image and video hosting by TinyPic

"We decided we'd help out Internet security by auditing [the] FBI first," the Antisec message said.

The hackers trimmed out personal data like full names, cell numbers, addresses, and ZIP codes, but left one main column that included enough information to help users see if their information was listed or not, the group said. Antisec clarified that there are no plans to use the obtained data  in any way to harm end users.

"We have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info and who the [expletive] know what the hell are they experimenting with that', well sorry, but nobody will care," they said.

The data was breached using a vulnerability in Java, according to Antisec, which also reiterated its support for WikiLeaks and its editor, Julian Assange, who was recently granted political asylum by Ecuadorean officials.

In their statement, the hackers said they would not grant any interviews about the breach until a reporter for Gawker, Adrian Chen, posed for his employer’s site, for a full day, in a ballet tutu with a shoe on his head. On Tuesday evening, Mr. Chen complied. “There’s me in a tutu,” he wrote in a blog post with accompanying photos. “Get used to it because it’s going to be up until around 6:30 p.m. tomorrow.”

Image and video hosting by TinyPic

TheNextWeb tech team has put together a tool to help you check if your device has been compromised by Anonymous hackers. To check your device, just input your UDID/UUID into the form and check it against the published database on the following page. If you need help to identify what is your UDID, you can follow the simple steps, proposed by WhatsmyUDID:
  • Open iTunes.
  • Connect your iOS device to your computer.
  • Select it from the Devices column.
  • Click on a device serial number to reveal its UDID.
  • Copy the number anywhere for future use.

If you need assistance on how to find the number, visit WhatsmyUDID and follow the slideshow with related screenshots.

Image and video hosting by TinyPic

Sources and Additional Information:

No comments: