Techlicious editors independently overview merchandise. To assist help our mission, we could earn affiliate commissions from hyperlinks contained on this web page.
UPDATE 9/10/2012: Paul DeHart, CEO of the Blue Toad publishing firm, instructed NBC News that its million-record database of UDIDs was stolen inside the final 2 weeks and that there was a 98 p.c correlation between its dataset and the one the hacker group Nameless claims it stole from an FBI agent’s laptop computer in March.
This week the hacker group often known as AntiSec released a list of 1 million UDIDs—Distinctive System Identifier numbers related to Apple cellular units—which it says got here from a group of 12 million UDIDs lifted from an FBI agent’s laptop computer.
The whole authentic file additionally accommodates consumer names, title of gadget, kind of gadget, APNS tokens, ZIP codes, cell phone numbers, addresses, and extra. AntiSec’s launch doesn’t embody this private data and the hacker group says it solely desires the general public to know that the FBI makes use of such data to spy on folks.
Apple says it by no means gave the FBI any such data whereas the bureau itself issued a statement denying the info got here from them. “The FBI is conscious of revealed experiences alleging that an FBI laptop computer was compromised and personal information concerning Apple UDIDs was uncovered. Right now, there is no such thing as a proof indicating that an FBI laptop computer was compromised or that the FBI both sought or obtained this information,” it says, in a remarkably brief and obscure reply to an issue of this magnitude.
The place did the Checklist Come From?
An Apple spokesperson instructed the web page AllThingsD that “The FBI has not requested this data from Apple, nor have we offered it to the FBI or any group. Moreover, with iOS 6 we launched a brand new set of APIs meant to interchange using the UDID and can quickly be banning using UDID.”
If that’s true and assuming the checklist wasn’t gleaned from some type of hack into Apple or different firm, the following most definitely wrongdoer is an app developer. Right here’s why:
The UDID is an alpha-numeric string of characters that tells Apple and builders which gadget is yours to allow them to do issues like push alerts to your cellphone, serve you advertisements and preserve monitor of your preferences. Following privateness considerations Apple has cracked down on builders that monitor customers through the UDID as a result of it discovered that along with the identifier some builders had been additionally garnering private consumer information. Which means any variety of builders with greater than 12 million customers might have compiled the info the FBI agent supposedly had on his laptop computer.
One other clue the checklist is app-related was tweeted by AnonymousIRC (AntiSec is a subset of the unfastened hacking collective known as Nameless) and proven right here.
A number of individuals are attempting to determine which of them could be suspect. For example, anybody who finds their gadget on AntiSec’s checklist can now assist clear up the thriller by finishing an online survey that seeks to find out which apps are widespread to these listed.
Is Your System on the Checklist?
First, it’s good to decide the UDID of your Apple gadget. You are able to do that by connecting it to iTunes. From there, click on in your gadget’s title within the left-hand column and on the correct you may see system information, together with your serial quantity. Click on on it to indicate your UDID.
Alternately, you should use an app to determine it out. Simply go to the iTunes Retailer and seek for “UDID.” A slew of choices can be found for obtain.
The Subsequent Net has posted a UDID checker. You’ll be able to access the site anonymously by utilizing a Net proxy like Anonymouse.org or HideMyAss.com. In fact your ID may very well be one of many 11 million that hasn’t been launched, so it will solely affirm that you’re on the checklist.
Whereas it’s at all times dangerous to belief something a hacker says, one other expletive-ridden statement surfaced at present supposedly from AntiSec that offers some cryptic clues to authenticate what it says it discovered on the FBI agent’s laptop computer. In response to the put up, the group is being cautious with what data it releases as a result of, mainly, it doesn’t need to get caught. Within the message, the particular person stated extra data will likely be forthcoming however it is going to be on the group’s timeline and nobody else’s.
However the FBI’s denial leaves quite a bit to the creativeness by way of brevity and vagueness. Doesn’t it form of sound like they’re saying “Show it”? And even when any such stolen information didn’t technically come from an FBI-owned laptop computer, couldn’t it have been saved on an agent’s private machine?
Why Would the FBI Need This Data?
That’s probably the most fascinating query of all.
One safety researcher identified to The New York Times that the F.B.I. might have acquired the file as a part of a forensics investigation involving a separate information breach.
Then once more, there’s loads of proof the federal government desires to trace folks.
For instance, laws has been drafted by Congress that may make it simpler for the federal government to spy on folks. CISPA has already been handed within the Home of Representatives and its Senate counterpart, SECURE IT, is in committee. Whereas these payments purpose to guard the U.S. from cyberterrorism, additionally they would enable corporations to share consumer’s non-public information with the federal government and not using a warrant or any oversight.
There’s additionally a landmark case through which the Supreme Courtroom in January dominated unanimously that police and the FBI violated the Fourth Modification after they secretly hooked up a GPS tracker to a person’s automotive and tracked him for a month.
“However now the federal government — as a substitute of fixing the way in which it conducts this type of invasive surveillance — has merely set its sights on one other option to receive folks’s location data: their cell telephones,” writes the ACLU in a statement.
The defendant is being retried and final week his lawyer stated that prosecutors have additionally obtained data exhibiting the situation and motion of his mobile phone over the course of 5 months.
“For the reason that GPS information from Jones’s automotive was thrown out by the Supreme Courtroom, it appears the prosecution intends to make use of Jones’s mobile phone information to get one other chew on the apple. Just like the GPS gadget on the automotive, the federal government was capable of receive the mobile phone data and not using a possible trigger warrant. As an alternative, it solely needed to declare that the info was ‘related and materials’ to an ongoing investigation,” the ACLU factors out, including that after investigating public data the civil liberties watchdog group discovered that tons of of regulation enforcement businesses interact in mobile phone monitoring regularly, lots of which achieve this and not using a warrant.
The ACLU says pending laws in Congress, titled the Geolocation Privateness and Surveillance (GPS) Act, would require regulation enforcement brokers to acquire a warrant with a view to entry location data.
Wish to help it? The ACLU has a slick tool on its web site that can ship a message to your legislators.