apple udid hack

1 million Apple Unique Device Identifiers (UDIDs) have been hacked and posted by an online hacker group associated with Anonymous, by breaching FBI security.

UDID’s are unique numbers to identify each Apple Inc. (NASDAQ:AAPL)’s iOS device and have been used by developers to track their app installations among the Apple users.

The hacking group claims to have hacked more than one million UDIDs, including user names, addresses, and notification tokens, by breaking into a laptop used by an FBI agent. Not only this, but the group also posted on Pastebin, explaining the details of its act of hacking the FBI agent’s laptop:

“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached, using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder, one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Inc. (NASDAQ:AAPL) Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appear many times empty leaving the whole list incomplete in many places. No other file on the same folder makes mention about this list or its purpose.

The group claims that it has posted the data out of suspicion the FBI was using the UDIDs for unethical purposes; such as people tracking, as well as to protest the use of UDIDs in general.

“We always thought it was a really bad idea, that hardware coded IDs for devices concept should be erradicated from any device on the market in the future.”

The hacking group also said that they have more than 12 million UDIDs, but they are posting only 1 million and they’re leaving out personal information such as full names, cell numbers, and addresses.

“We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. The DevTokens are included for those mobile hackers who could figure out some use from the dataset.”

The post also answers the question of why hackers resorted to such act. The post read “We never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple Inc. (NASDAQ:AAPL) fishy thingie.”

The hackers sounded as if they were against the idea of UDID’s being used by FBI to infiltrate the personal space of the citizens.