Apple Denies FBI Had Access To UDIDs 104
First time accepted submitter WIn5t0n writes "Just a day after the alleged leak of 12million Apple UDID's, both Apple and FBI have denied the story that Anonymous, a global hacking community, gained access to the files by hacking into an FBI laptop through a Java vulnerability. Earlier this morning the FBI claimed that, even though the agent cited in Anonymous's story is an actual FBI operative, neither he nor anyone else in the agency has or has had access to Apple device information. This afternoon Apple followed up on the FBI's statement, with an unidentified Apple representative claiming that, 'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.' It should also be noted that while the hackers claim to have accessed 12 million UDID's, only 1 million were publicly released. The Apple representative who made the previous statements also said that, 'Apple has replaced the types of identifiers the hackers appear to have gotten and will be discontinuing their use.' Even though neither Anonymous nor the FBI/APPLE will admit where the data actually came from, it does appear that at least some of the leaked UDID's are legit and can be tied back to current, privately owned devices. So far no information besides the devices UDID, DevToken ID, and device name has been released, however the original hackers claimed that some devices were tied to details as exact as phone numbers and billing addresses."
Need some proof (Score:4, Interesting)
Anonymous claims to be a bunch people with like aims and no leadership. So this may be just some person who happened to get hold of the info and published it claiming to be Anonymous or Anti-sec or whomever. The claim that the data came from the FBI is unsupported - proof would be some additional data from the same system such as logs, etc. which have not been produced.
My personal guess is that the most likely source is some social networking site and the guy is saying it's the FBI as some sort of disinformation. It's possible but unlikely that both Apple and the FBI are outright lying about the source. There are all sorts of other possibilities.
Re:Need some proof (Score:3, Interesting)
Anonymous claims to be a bunch people with like aims and no leadership. So this may be just some person who happened to get hold of the info and published it claiming to be Anonymous or Anti-sec or whomever. The claim that the data came from the FBI is unsupported - proof would be some additional data from the same system such as logs, etc. which have not been produced.
My personal guess is that the most likely source is some social networking site and the guy is saying it's the FBI as some sort of disinformation. It's possible but unlikely that both Apple and the FBI are outright lying about the source. There are all sorts of other possibilities.
I wonder who it is who claims to have Mitt's tax returns. The extortion attempt is out of character for the usual gang of kiddies.
Report of Romney tax records on the loose [sfgate.com]
Re:But Anonymous has? (Score:4, Interesting)
Every app for themselves (Score:5, Interesting)
So what types of identifiers do the use now
They don't. Each app has to use it's own, that way they are not the same across applications on the same device.
and what's the purpose of them anyway?
Mostly they are useful to permit specific devices to run development builds.
Over time some applications started to use the UDID as a weak kind of authentication, so a user would not have to log in or create an account. That's fine at first, but then you run into the problem if someone sells a device it would seem like the original user to the application.
Some did use it for simple tracking, to try and understand the chain of commands a single user was doing across sessions. I believe some advertising systems did use them also, and then they could use them to track who was the same person across apps... that cannot be done anymore in iOS6.
Can you override/deactivate them?
Before, no. In the new system if you delete an app it should have to regenerate a new unique ID (if it even uses one).
Re:But Anonymous has? (Score:4, Interesting)
Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.
Given AT&T's [cnet.com] previous complicity with government privacy intrusions, it might not be too far to go to suspect that the FBI got the information from them.
Just to clarify, this is complete speculation with no evidence to back it up.
He-said, she-said (Score:4, Interesting)
So, the FBI says "we didn't have that information". Apple says "The FBI never requested that information from us". Anonymous says "The FBI had the information".
What I'm getting from this:
* You can't trust any of these organizations to be 100% honest, but they all frequently integrate a bit of truth with each lie, so you can't completely disregard what any one of them says.
* Any, and up to two of them concurrently, could be telling the whole truth, but given their individual track records with honesty, you can't take what they're saying at face value.
One possibility is that the FBI did have the information, that they did not go about getting it through "legal" channels, and that Apple did not know that the FBI had the information. Anonymous "liberating" the information could be their way of forcing everybody's hands about dishonesty, government-instigated corporate espionage, and information security on a massive scale.
Another possibility is that the FBI acquired the information via legal channels and that Apple and the FBI don't want to admit it because the social and political repercussions. Again, Anonymous plays the same role as in the above scenario.
Yet another possibility is that Anonymous "acquired" the information from sources other than the FBI and are using it to rattle somebody's cage or play some type of misdirection.
In the end, data that was thought to be secure was made public, and this has put more than a few people's feet on the fire for it.
The sad thing is that it probably won't be known for sure who's telling the truth because each organization won't want to show more of their hand than they already have. This means that the problems that led to this, whatever and wherever they may be, probably won't be fixed.
Drat and bother, or how to solve this mystery (Score:5, Interesting)
This all a bunch of nonsense! This was probably just a list from a given vendor. Track this down by doing the following:
Look for the ID's and find the most recent date one that you can. That gives you the date range that this is relevant for.
Look at the ID's and match them to locations? Are they all from the US? That might give credence to FBI angle (which I think is bullocks).
Look at the ID's and start matching users.
Look for commonality between said users, this far too large of a list of users to simply be a list of OWS protestors (sorry, if OWS was ever that large on just apple users alone OWS would have succeeded instead of being a punch line). Your doing this just to exclude conspiracy theories like a national we spy on people with shiny toys conspiracy theory.
Once you've concluded that there isn't anything in common between most of these people you can't start the real work:
Start matching the common thing or applications between those users. You will probably discover something really benign like they they all have AT&T accounts that belong to the western part of the US or they all have the Twitter application or something really boring.