A group of hackers calling themselves AntiSec has announced that it supposedly compromised some 12 million Apple iOS Unique Device IDs (UDIDs) along with Apple users’ personal data. AntiSec posted a million of those IDs on Pastebin, together with a detailed account of how they obtained the IDs from the laptop of an FBI staff member: a Dell Vostro notebook belonging to Supervisor Special Agent Christopher K. Stangl of the Regional Cyber Action Team and New York Office Evidence Response Team was hacked using the AtomicReferenceArray vulnerability in Java.
One file in his desktop folder was named “NCFTA_iOS-devices-intel.csv” and it contains some 12,367,232 Apple iOS devices, with UDIDs, device names and types, user names, mobile numbers and a lot more. For background, Apple’s Unique Device ID (UDID) is a series of 40 letters and numbers assigned to a specific Apple device. On their own, UDIDs are practically useless, but when combined with iTunes passwords, billing info and the like, a hacked ID can spell disaster in a whole lot of ways. The Federal Bureau of Investigation has denied AntiSec’s statement that it was hacked, but if there is some truth to AntiSec’s reports, a big question will be directed at the FBI: what was it doing with those UDIDs and Apple info?
To check whether your iPhone or iPad is affected, you first need to know your UDID: plug your device into your computer and launch iTunes.
Move to the left portion of the screen, where your device should be listed.
Certain info should be available, including your device name, available space and a serial number; click on the serial number and your UDID should appear. If this is too much, WhatsMYUDID.com can be useful, as can certain apps on the Apple App Store that can email you your UDID. LastPass holds the information that tells you whether you are one of those unfortunate enough to have had their UDID hacked. On a sadder note, Storms said that if your UDID is one of those leaked in the hack, there isn’t much you can do “unless you want to spring for a new phone” and that “it’s pretty likely that your UDID is already in the public domain.”