X

Apple data hack denied by FBI

Hackers claim to have stolen 12 million unique iPad and iPhone 5 codes from an FBI laptop, a claim denied by the US agency.

Richard Trenholm Former Movie and TV Senior Editor
Richard Trenholm was CNET's film and TV editor, covering the big screen, small screen and streaming. A member of the Film Critic's Circle, he's covered technology and culture from London's tech scene to Europe's refugee camps to the Sundance film festival.
Expertise Films, TV, Movies, Television, Technology
Richard Trenholm
2 min read

Oh no UDIDn't -- hackers claim to have stolen 12 million unique iPad and iPhone 5 codes from an FBI laptop, a boast that's been denied by the US crime-fighting agency.

Hackers claiming to be a part of the AntiSec collective, a subsidiary of the amorphous Anonymous movement, claims to have nabbed 12 million unique identifiers, known as UDIDs, along with names, addresses and other personal information. To prove it they've released 1,000,001 UDIDs, albeit with the personal information removed.

But the FBI denies both that its security has been breached or that it ever collected such personal information. The Bureau reckons, "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Security experts say the UDIDs are real, but it's unclear if the FBI was indeed the source. The hack is said to have exploited a Java vulnerability in the laptop of a specific Special Agent, who would have had to click a malicious link to allow hackers to take control of the computer and root about for interesting tidbits. If they found anything on the X-Files they're keeping it quiet, but if the UDIDs are genuinely from a G-Man's laptop it implies the FBI could in theory track owners of Apple devices.

The unique identifier is like a digital serial number for each Apple device -- separate to the hardware serial number of the physical device. It's a 40-number sequence of letters and numbers that you're unlikely to ever need, unless an app needs access to your device for doing something like testing a beta version of an app that isn't in the iTunes App Store yet.

Don't freak out though. "Having someone's UDID alone does not permit an attacker to actively attack and control your phone," says security expert Chris Valasek of analysts Coverity. "There may be personal privacy concerns, such as location tracking or account hijacking, but while a dump of UDIDs is not good it should not provoke panic."

To find the UDID of your Apple device, plug it in to your computer and fire up iTunes. On the summary screen, click on serial number and it'll change to showing you the identifier. Click Edit > Copy and Bob's your UDID.

Tell me your thoughts in the comments or on our Facebook page.