Backgrounder: Apple device IDs hacked - What you need to know

A hacktivist group has published more than a million Apple device UDIDs acquired from a hacked FBI laptop. Is your iPhone or iPad at risk?

A hacker collective known as AntiSec has published over a million Apple device IDs that it claims were captured from the laptop of an FBI agent. If you own an iPhone or iPad, you might be wondering what this hack means to you, and you might also be curious about why the FBI had your Apple UDID in the first place.

The information was acquired and released by the hackers as a political statement. The lengthy diatribe posted on Pastebin along with the hacked Apple ID info rants about government oppression and hypocrisy.

While the group has published one million and one hacked Apple device IDs, it should be given at least a little credit for restraint. The details stolen from the FBI laptop included more personal information as wellsuch as full names, cell phone numbers, addresses and zip codes.

According to the letter from AntiSec, there were approximately 12 million Apple device IDs stored in the file on the FBI laptop. It chose to release just a portion rather than publishing all 12 million. AntiSec could have simply published the data it acquired without scrubbing it first, but the point its trying to make is against the government and the FBInot the individuals whose information happened to be in the hands of the FBI.

Andrew Storms, director of security operations for nCircle, stresses that the Apple device UDID information itself doesnt really pose a risk to users. UDIDs in isolation arent a big deal. In fact, Apple used to permit apps to spew UDIDs all over the place, so theres a lot of UDID data already in the public domain. For a while, there were a lot of apps using UDID and personal data to track users activity and selling it to advertisers.

But, the hack of an FBI laptop yielding information on 12 million Apple devices does bring up another very valid question. As Storms puts it, This release does make you wonder what the heck the FBI and the DOJ were doing with 12 million UDIDs. Are they working on a case involving Apple or an app maker? And, assuming there is a legitimate reason for the FBI to have this data, why wasnt it better protected?

I have reached out the FBI Office of Public Affairs seeking an official explanation or statement regarding why the FBI was in possession of the Apple device UDID information at all, as well as whether or not there should have been stronger protection in place to guard such sensitive data. As of this moment, the FBI has not yet responded.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place