Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Denies FBI Had Access To UDIDs

samzenpus posted more than 2 years ago | from the not-our-fault dept.

Security 104

First time accepted submitter WIn5t0n writes "Just a day after the alleged leak of 12million Apple UDID's, both Apple and FBI have denied the story that Anonymous, a global hacking community, gained access to the files by hacking into an FBI laptop through a Java vulnerability. Earlier this morning the FBI claimed that, even though the agent cited in Anonymous's story is an actual FBI operative, neither he nor anyone else in the agency has or has had access to Apple device information. This afternoon Apple followed up on the FBI's statement, with an unidentified Apple representative claiming that, 'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.' It should also be noted that while the hackers claim to have accessed 12 million UDID's, only 1 million were publicly released. The Apple representative who made the previous statements also said that, 'Apple has replaced the types of identifiers the hackers appear to have gotten and will be discontinuing their use.' Even though neither Anonymous nor the FBI/APPLE will admit where the data actually came from, it does appear that at least some of the leaked UDID's are legit and can be tied back to current, privately owned devices. So far no information besides the devices UDID, DevToken ID, and device name has been released, however the original hackers claimed that some devices were tied to details as exact as phone numbers and billing addresses."

Sorry! There are no comments related to the filter you selected.

But Anonymous has? (5, Funny)

thegarbz (1787294) | more than 2 years ago | (#41241149)

So Apple says that the FBI doesn't have access to UDIDs but a bunch of script kiddies do? Is this a really poor reflection on the abilities of the FBI or do Apple's PR people have an IQ matching the number of buttons on the magic mouse?

AntiSec (1)

thegarbz (1787294) | more than 2 years ago | (#41241161)

but the point is still the same.

Re:AntiSec (3, Funny)

ackthpt (218170) | more than 2 years ago | (#41241247)

but the point is still the same.

The spirit of Sargeant Shultz lives on.

"Colonel Hogan! I know nothing! Nothing!"

Re:AntiSec (0)

Anonymous Coward | more than 2 years ago | (#41244557)

In order for them to have APNS Tokens a APNS Token will have had to be generated by Apple. That only happens when an APP asks for push notifications.

Apple will be able to determine the app by using any one of the APNS tokens that were released.

We should be asking >WHAT APP WAS HACKED

Re:AntiSec (1)

lhunath (1280798) | more than 2 years ago | (#41244827)

I was wondering whether anyone sensible was awake on slashdot.

The list contains APNs Tokens (NOT "DevToken ID"s, whatever the heck that's supposed to mean). Which means the information comes from an APN-enabled application. Any app can get the device's UDID. Apple isn't explicitly involved. There wouldn't have been any APNs Token.

Whether the information was collected by the FBI, or obtained by the FBI as part of some investigation or whatever other means remains unknown, but I for one am really curious WHO BUILT THE APP that collected all of this information. If you want to point fingers, answer that question instead.

Re:AntiSec (0)

Anonymous Coward | more than 2 years ago | (#41251795)

and who okay-ed the app to be published in the app store... o wait

Re:But Anonymous has? (4, Insightful)

MBCook (132727) | more than 2 years ago | (#41241219)

Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.

Re:But Anonymous has? (3, Interesting)

arbiter1 (1204146) | more than 2 years ago | (#41241275)

or they did and apple realized their PR lately been pretty bad with whole Samsung trail which as each day comes is showing how bad the jury messed that up. Apple gonna say what ever is in their best interest as if they gave all that info to the FBI it would be a major privacy issue since its pretty much tracking millions and millions of people.

Re:But Anonymous has? (3)

ackthpt (218170) | more than 2 years ago | (#41241441)

or they did and apple realized their PR lately been pretty bad with whole Samsung trail which as each day comes is showing how bad the jury messed that up. Apple gonna say what ever is in their best interest as if they gave all that info to the FBI it would be a major privacy issue since its pretty much tracking millions and millions of people.

More like Apple doesn't care about their PR, but they do insist they didn't cooperate with the FBI, the FBI insists Apple didn't cooperate with them and it's all possibly true or possibly false. If any of the released stuff actually works, it'll put the lie to both of them, which is as embarassing as it is funny.

Re:But Anonymous has? (0)

arbiter1 (1204146) | more than 2 years ago | (#41241811)

are you sure apple don't care about PR? all bad PR over samsung case has sent thousands of ppl buying samsung sIII phones which means all those ppl won't most likely buy the new iphone in a few weeks.

Re:But Anonymous has? (1)

Keen Anthony (762006) | more than 2 years ago | (#41242031)

What bad PR? The vast majority of consumers did not follow the case and were either blissfully unaware or apathetic about it. Apple hasn't in the least been bruised by this except amongst a small faction of consumers that use their spending to stick it to companies they don't like. If you bought an SIII because of Apple's lawsuit, then you probably would have bought some Android anyway. Even if those people don't buy an iPhone 5, there is a huge number of people who will. It's expected that iPhone 5 sales will be huge. Remember, there's a huge number of iPhone 4 and earlier owners who did not switch to the 4S and have been waiting.

Re:But Anonymous has? (1)

Anonymous Coward | more than 2 years ago | (#41243705)

https://plus.google.com/u/0/114476892281222708332/posts/246srfbqg6G [google.com]

http://apple.slashdot.org/story/12/08/30/1634234/side-effect-of-the-apple-v-samsung-trial-increased-sales-for-samsung [slashdot.org]

It has nothing to do with people wanting to "stick it to companies they don't like" and everything to do with Apple saying that Samsung's devices are as good as Apple devices and people listening and wondering why should they pay so much more for something of the same value.

Re:But Anonymous has? (-1)

Anonymous Coward | more than 2 years ago | (#41244055)

This article is 100% pure wishful thinking. I mean

So, I obliged, and showed him a few things. He commented on Windows 7, so I opened up my virtual machine of OS/X

I don't know what the fuck OS/X is, but if he meant OS X, how is that even legal? AFAIK Apple only permits running their OS in a VM on their hardware.
So he fooled some technically illiterate person into believing he could run Mac OS X on any hardware without trouble. But what does it have to do with Samsung?

http://apple.slashdot.org/story/12/08/30/1634234/side-effect-of-the-apple-v-samsung-trial-increased-sales-for-samsung [slashdot.org]

It has nothing to do with people wanting to "stick it to companies they don't like" and everything to do with Apple saying that Samsung's devices are as good as Apple devices and people listening and wondering why should they pay so much more for something of the same value.

No, it doesn't. If that is as always units shipped vs units sold, it might be based on retailers realizing there would be no sales ban, it has nothing to do with bad PR, most people outside Slashdot just don't give a fsck.

Re:But Anonymous has? (1)

Keen Anthony (762006) | more than 2 years ago | (#41244137)

Thank you for the links. The first link, a blog post by the co-founder of JibJab isn't really proof of anything; nor is a Forbes story pointing out that a number of people did go out and buy SIIIs immediately following the verdict. I should have been more clear. I'm sure there is some negative public reaction to the verdict, but I don't think it's substantial enough to have an actual effect. I would still bet that most cell phone consumers either did not follow this case, or didn't care. I brought up the topic often throughout the case, and outside of the domain of self-described tech enthusiasts who follow tech blogs and news sources, no one who owned either an iPhone or Android knew what was going on or particularly cared. I bet most of us can replicate this. The SIII is a cool phone, but if this sales boost is really indicative of a consumer shift, it will be something sustainable that we'll be able to observe months from now after the new iPhone 5 is out and Samsung has made an S-IV. Otherwise, we can probably discount this as a one-time market reaction.

If people are wondering why they should pay so much more for an iPhone vs the SIII, they're going to be underwhelmed if they go out tonight to shop. I just looked at Verizon, and the S-III 32GB is $249. The iPhone 4S 32GB is $299. $50 isn't a huge difference. Apple advertises the 32GB unlocked and off contract for $750. One store had the SIII for $750. Amazon has listings for $600 but original list price of $900. The SIII is not an inexpensive phone. I bet I can find an iPhone 4S at a discounted price somewhere, so again, the delta probably will remain similar. The iPhone 4S definitely has a premium.

Re:But Anonymous has? (1)

drkstr1 (2072368) | more than 2 years ago | (#41249319)

Not true. I had 2 very non-techy friends bring the topic up on different occasions. I was quite surprised too, because this is not a usual thing to hear them talk about. I think Apple will need to tread lightly, or PR will certainly become a problem for their image.

Re:But Anonymous has? (0)

Anonymous Coward | more than 2 years ago | (#41243753)

aall bad PR over samsung case has sent thousands of ppl buying samsung sIII phones

That is the most retarded thing I've heard in a while. Are you 15 or what?
Almost no one outside Slashdot is rebellious enough to buy the shit they don't want just because the company producing the shit they wanted fucked it up big time (and that is still overly biased).

Re:But Anonymous has? (1)

thetoadwarrior (1268702) | more than 2 years ago | (#41250395)

The iphone 5 isn't going to be sitting on shelves. So I don't think they care what a few people say online.

Keep in mind the internet does no reflect real life. Most gamers claim to have Call of duty and bitch about it being unoriginal and full of angry kids. it's still one of the top sellers despite hearing so many people claim they're boycotting it.

What makes you think they won't do it again? (1)

Taco Cowboy (5327) | more than 2 years ago | (#41245155)

If any of the released stuff actually works, it'll put the lie to both of them, which is as embarassing as it is funny.

It is not only embarrassing / funny, but also EXTREMELY WORRYING !!

It's entirely possible that the anonymous has somehow caught both Apple and FBI red handed, and accidentally revealed the secret relationship between FBI and Apple.

This time around they (Apple / FBI) can deny anything and everything - but what makes you think they won't do it again ?

What makes you think that Apple won't give FBI millions and millions more new UDIDs to enable FBI to snoop on iPhone / iPAD users?

Re:But Anonymous has? (0)

Anonymous Coward | more than 2 years ago | (#41241307)

Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.

And, that's a POSITIVE reflection on Apple HOW?

Re:But Anonymous has? (4, Insightful)

AK Marc (707885) | more than 2 years ago | (#41241575)

the FBI got it from Anonymous. Somewhere, a catch-22 just died.

Re:But Anonymous has? (4, Interesting)

Anonymous Coward | more than 2 years ago | (#41241619)

Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.

Given AT&T's [cnet.com] previous complicity with government privacy intrusions, it might not be too far to go to suspect that the FBI got the information from them.

Just to clarify, this is complete speculation with no evidence to back it up.

Re:But Anonymous has? (1)

phantomfive (622387) | more than 2 years ago | (#41242587)

Why would they want them?

Re:But Anonymous has? (0)

Anonymous Coward | more than 2 years ago | (#41243257)

Just to clarify, this is complete speculation with no evidence to back it up.

Good enough for the internet. This is now the official story.

Re:But Anonymous has? (1)

Sir_Sri (199544) | more than 2 years ago | (#41242619)

Or that the agent in question had the information from somewhere, and was just using an FBI supplied laptop for his own purposes.

Re:But Anonymous has? (0)

Anonymous Coward | more than 2 years ago | (#41243357)

Or it could be /. is full of naive noobs who got owned by antisec along with a big part of the media.

Re:But Anonymous has? (0)

Anonymous Coward | more than 2 years ago | (#41244199)

On one hand, I don't trust the FBI because it's part of their MO to lie to people. And I wouldn't put it past them to have gotten this from Apple, either. But I could also see them taking it from Apple, or getting it from a 3rd party like a phone Carrier or as part of an investigation into a hacking group.
On the other hand, i don't trust Anon either. Nobody should, including themselves, because they could be anyone and they can change.
It wouldn't surprise me if the FBI is full of shit. It wouldn't surprise me if Anon is full of shit. It wouldn't surprise if they were both full of shit, but partially telling the truth.

The only thing we DO know for sure, is that somebody got a hold of a LOT of ID's which are valid. So somebody fucked the poodle somewhere along the line, but as for who and where, it's pretty hard to say.

Re:But Anonymous has? (1)

tlhIngan (30335) | more than 2 years ago | (#41243707)

Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.

This is probably it. Does the FBI have an app in the App Store? If so, that's where it could come from.

If not, there are plenty of social networks - from OpenFeint (aka Gree) to many others. Perhaps it came from Flurry? Or Admob? Or some popular developer like Gameloft? Or Zynga?

Thing is, the entire list of information is available to a developer so they can send push notifications or other things, so it probably didn't come from Apple, but from some other developer who either got hacked, or NSL'd, or just plain gave the FBI the information. Or it was a contractor laptop and that contractor worked at the FBI now, but worked for an iOS developer before.

Hell, if Apple gave out that information, it would probably be way more than 12M, and have way more information in it.

Re:But Anonymous has? (1)

bwcbwc (601780) | more than 2 years ago | (#41249197)

Plenty of other sources for both the FBI and Anon: wireless carriers, Databases owned by Apps that harvest the UDIDs (now a banned practice, but whatever), malware on jailbroken devices.

Also, perhaps the data actually came from another federal agency such as NSA, or said agent was moonlighting for another agency?

Every party in this mystery has reason to be secretive, so it's fertile ground for every type of conspiracy theory: Anon in league with FBI??

Easy to get UDID's (4, Insightful)

SuperKendall (25149) | more than 2 years ago | (#41241523)

So Apple says that the FBI doesn't have access to UDIDs but a bunch of script kiddies do?

Yes, that's in fact very easy to believe. All it would take is for the script kiddies to break into some server of an app that used UDID's for tracking users logged into an application that transmitted UDID's to the server as a kind of cookie... many developers used to do that, which is why Apple stopped allowing UDID's to be used by developers. It's really easy to believe a script kiddie stumbled on to such a list on some server.

The FBI wouldn't have a lit of UDID's unless they had some kind of official request for them, but then why only 12 million? Why would they be on a laptop instead of back in some server somewhere? I have no doubt the FBI could get such a list if they had a reason to, but really the UDID is of such little use to do anything with why would they?

In the end the thing that makes me doubt the source, the number of devices in the list is pretty small compared to the number of devices around, but is just about right to be the records from some application using the UDID as weak authentication...

Re:Easy to get UDID's (1)

rtb61 (674572) | more than 2 years ago | (#41242347)

A furious FBI attempts to tempt nobody and everybody ('Anonymous'), with a blanket denial, sniff, sniff, I smell a trap. Right at this moment the individuals involved have the advantage having sprung a surprise on the FBI, right now the FBI will be sniffing the network legally and illegally via the NSA to try to track the individuals involved. Now would be a could time to drop this particular game and while the FBI are so focused on it, 'peek' them some where else and keep the yucks going (although you would have to watch out for the "to good to be true stuff"). Kind of reminds you of the movie Hackers were the fun comes from peeking and poking agents although it was the secret service they were targeting in that movie.

For what? (4, Insightful)

SuperKendall (25149) | more than 2 years ago | (#41242425)

If these files had anything of any use to anyone, I would be suspicious right there with you.

But these files are basically useless. For around a year now applications cannot eve access the UDID or submissions to the app store will be blocked. In iOS6 it's totally blocked. That's the thing in the end that convinces me the FBI is not involved, because this data is of no real use to them at all, not even for keeping tabs of future mobile device use. And again, the number of devices they have here also makes very little sense in terms of being something the FBI would have collected - the FBI should have a complete list of hundreds of millions of devices, not just 12 million.

When things are confused, the simplest answer is usually correct. There is no simple answer as to how they were obtained from an FBI laptop or why the FBI would have such a pointless list of data, whereas anon skimming these files off some hapless server IS a very simple aswer as to how they have this data.

If it had names & addresses & SSN for everyone, then I'd start wondering. But this scattershot file of mostly useless identifiers is just pointless to risk the furor of Congress (who they will have to answer to if lying) to acquire.

Re:For what? (2)

tftp (111690) | more than 2 years ago | (#41242707)

the FBI should have a complete list of hundreds of millions of devices, not just 12 million.

SELECT * INTO agents_tbl FROM all_iphones_tbl WHERE <some_condition>;

Condition unknown (1)

SuperKendall (25149) | more than 2 years ago | (#41243253)

SELECT * INTO agents_tbl FROM all_iphones_tbl WHERE ;

Apple doesn't HAVE any way to query against that condition. They have ID's and names.

Which right away tells you the list was not from Apple, or ALL of them would have names.

So then you have some other large set of UDID's and names. Only that's all they have, ID's and names.

The only marginal use you could gain from such a list is if you have AS MANY ID/name pairings as possible, so on some future date if you had an ID you could look it up in your database.

Of course as noted, there is no possible future use of such a list since there will be no UDID to query against going forward.

Nothing about this list + the FBI makes any sense.

Re:Condition unknown (1)

nmos (25822) | more than 2 years ago | (#41244037)

What are these UDIDs used for? Could it be that these were collected from the owners via a Trojan app or web site or whatever?

Random things, not a trojan... (1)

SuperKendall (25149) | more than 2 years ago | (#41244139)

What are these UDIDs used for?

In testing you use them to select who can run test builds.

You USED to be able to use them in an app to tell when a person on the same device was contacting your server, as a shortcut for having them log in. But Apple ended that practice about a year ago.

Some ad networks were using them for tracking, again stopped about a year ago.

They are not used for anything anymore because Apple rejects apps that try and access the UDID.

That's the reason why the list is utterly pointless. It cannot be used going forward to correlate anything.

Re:Random things, not a trojan... (2)

tftp (111690) | more than 2 years ago | (#41245165)

That's the reason why the list is utterly pointless. It cannot be used going forward to correlate anything.

This leaves us with only two possibilities:

  1. The FBI agent had the database on his computer just for sh1ts and giggles; the database appeared there spontaneously - it just condensed out of randomness of the Universe - because nobody admits collecting it.
  2. Someone made that database for a purpose, and there is something that we don't know.

The paranoid in me tells me that the former is not very likely, but the latter is a near certainty.

Also note that if the table does not have the home address or the phone or the SSN of the owner then it means exactly nothing. The ID of the record can be a foreign key in some other table or a view. Or you can type a query with a JOIN simply by hand. That's how things are supposed to be [wikipedia.org] anyway. For example, one person owns two phones, or two people share one phone, or there are three family members and four phones that they carry interchangeably.

Also, if the 3rd party software is no longer allowed to use this data it does not mean that the OS itself cannot access it and use in some nefarious ways. Fact is, if the information is out there then it is (or was) used by someone for some purpose. If existence of the purpose is actively denied it only makes things worse.

Re:Random things, not a trojan... (1)

SuperKendall (25149) | more than 2 years ago | (#41250727)

because nobody admits collecting it.

Nobody admits it is THIER database, but scores of companies (including for instance OpenFeint) are publicly said they collected UDID values. It's not like it's not widely known there are a lot of companies that used to do so.

Also note that if the table does not have the home address or the phone or the SSN of the owner then it means exactly nothing.

You are insane. If it had some existing values like SSN, why not store that data for everyone f they really had the complete data? Ever hear of data normalization dipshit? Why would scattered values be stored in this table if they had a complete set elsewhere? Why would that mythical complete set not also have been on the supposed laptop? You invent the most complex web of fantasy just to try and make your theories arrive at a "fact" you have pre-determined to be true.

I'll let you have the last response, since you cannot see reason and clearly your tinfoil is more than askew.

Re:Easy to get UDID's (1)

Anonymous Coward | more than 2 years ago | (#41242547)

I was think of something along those lines too, that they found a list elsewhere and blamed it on the FBI. If so, it would be a rather epic trolling that should make many other trolls jealous. If they just announced where the list actually came from, most people would not care and it would get buried under other data breach news. But if they link it to the FBI, there are so many people in love with the idea of the US government being some all-powerful surveillance police state, that they will never let go of the story. No matter what else is shown or said about this, even if the leaker came out and said it was fake, you would have armies of people on the internet just insisting it was a cover up.

Re:But Anonymous has? (4, Insightful)

tooyoung (853621) | more than 2 years ago | (#41241947)

or do Apple's PR people have an IQ matching the number of buttons on the magic mouse?

Wait a minute...the magic mouse doesn't have buttons...

Re:But Anonymous has? (1)

thegarbz (1787294) | more than 2 years ago | (#41245125)

Kinda my point

Re:But Anonymous has? (1)

cavreader (1903280) | more than 2 years ago | (#41242099)

And why are you still determined to to take the script kiddies statement as pure truth? Most likely you have made up your mind who the real villains are and refuse to examine the veracity of of facts that don't support your world view. This type of mindless thinking only reveals your lack of intelligence.

Re:But Anonymous has? (1)

ganjadude (952775) | more than 2 years ago | (#41243225)

ok so this leaves 2 options

they both are lying, the most probable option

or

the FBI took the info from apple without permission

Re:But Anonymous has? (1)

mr100percent (57156) | more than 2 years ago | (#41244789)

Apple is saying they didn't give the data to the FBI. Maybe it came from a leak inside AT&T? They also have billing data.

From the paranoid.... (4, Insightful)

Anonymous Coward | more than 2 years ago | (#41241157)

Of course that is what they would say.

You are not allowed to say one way or the other if you have a National Security letter (demand) issued...

flabbergasted! (1)

friesandgravy (1086677) | more than 2 years ago | (#41241159)

Got it. Everybody denies everything. Any chance of this being subjected to any form of toothful scrutiny?

Re:flabbergasted! (1)

ackthpt (218170) | more than 2 years ago | (#41241205)

Got it. Everybody denies everything. Any chance of this being subjected to any form of toothful scrutiny?

It's about time to get that ol' Foobie Bletch scroll out and see what it says on it.

Re:flabbergasted! (1)

tooyoung (853621) | more than 2 years ago | (#41242033)

Well, a complication here is that these IDs were obtainable from a number of places in the past when they were still used. For example, you could grab them out of photos or URLs created by some apps. It is possible that someone was able to mine a large number of these, as the issue was fairly well known.

Notice, this isn't being presented as a security issue. Rather, the big news here is that the FBI would have a list of these IDs, implying that Apple was helping the FBI track users. That could be the case, or somebody could be trying to generate some really bad publicity for Apple.

Re:flabbergasted! (1)

Dunbal (464142) | more than 2 years ago | (#41242571)

Sure, Napolitano and the DHS will get right on it.

iOS6 (1)

buchner.johannes (1139593) | more than 2 years ago | (#41241173)

So what types of identifiers do the use now, and what's the purpose of them anyway?

Is it for advertisers to do behavioral tracking? Can you override/deactivate them?

Re:iOS6 (2)

MBCook (132727) | more than 2 years ago | (#41241237)

I believe the new suggestion is to generate your own GUID on install and use that. It wouldn't identify the phone, but only the specific installation of your software on that device. If the device's owner deleted your application and then re-installed it, you'd have a new GUID.

Re:iOS6 (5, Informative)

kallisti (20737) | more than 2 years ago | (#41241455)

They are used for identifying a specific device, which can be used in turn as a type of account id. Each application on the device is completely separate from the others, if you have an application such as a social network the user would need to login separately for every app. This in itself, isn't so bad, the problem is that applications can tie this information to create databases that might tie together things. For instance, OpenFeint was using the UDID for single sign-in. A researcher found that the profile pictures from Facebook contained the Facebook userid. If a user using OpenFeint was using the Facebook profile image, then that UDID could be used to find the Facebook profile. OpenFeint fixed that loophole immediately by obscuring the URLs, but the general problem remained, anyone could write an app to gather UDID information and many did.

How to deanonymize with OpenFeint [corte.si]

There isn't any way that a user can stop an app from reading the UDID, a jailbroken phone can change them IIRC.

In response, Apple deprecated the UDID. Although many places have said that Apple rejects apps that use UDID, this is not completely true. Apple started rejecting apps that used UDID but didn't tell you. There are still many apps collecting the information.

There are a few alternatives, with varying degrees of success:
* Each app makes a GUID, stores locally. Which works great for one-off apps, but doesn't allow multiple apps to collate data (either a benefit or drawback depending on who you are). It also means you will lose data on a reset.
* use a different ID, such as MAC. Essentially the same thing, with the same drawbacks, not recommended.
* Facebook and other networks have started using a Cookie stored in Safari. This means that the registration actually leaves the application and returns to it using a specially crafted URL. This way, each app can simply round-trip to Safari to grab the cookie. Complicated, but it works
* Use UIPasteboard. This is an API that allows you to store information that other apps can read. It's sort of a hack, but some libraries are using it.
OpenUDID [github.com] SecureUDID [github.com]

Re:iOS6 (2, Insightful)

Anonymous Coward | more than 2 years ago | (#41242507)

I still don't understand why they can't just generate a UDID per device per app—but always the same. Would solve some of the worse problems without affecting convenience that much.

Every app for themselves (4, Interesting)

SuperKendall (25149) | more than 2 years ago | (#41241567)

So what types of identifiers do the use now

They don't. Each app has to use it's own, that way they are not the same across applications on the same device.

and what's the purpose of them anyway?

Mostly they are useful to permit specific devices to run development builds.

Over time some applications started to use the UDID as a weak kind of authentication, so a user would not have to log in or create an account. That's fine at first, but then you run into the problem if someone sells a device it would seem like the original user to the application.

Some did use it for simple tracking, to try and understand the chain of commands a single user was doing across sessions. I believe some advertising systems did use them also, and then they could use them to track who was the same person across apps... that cannot be done anymore in iOS6.

Can you override/deactivate them?

Before, no. In the new system if you delete an app it should have to regenerate a new unique ID (if it even uses one).

Where DID they come from then. (2, Insightful)

MrDoh! (71235) | more than 2 years ago | (#41241175)

Someone's not being truthful about all this. Scary that my first thoughts are Apple and the FBI first over anonymous hackers! So they've got a million from /somewhere/ then. If not the FBI, next logical guess would be Apple, where else could they be from? (maybe a carrier? Are they all on the same network I wonder?)

Re:Where DID they come from then. (-1)

Anonymous Coward | more than 2 years ago | (#41241231)

my guess: the fbi paid apple for the data and was using it for a purpose that isn't legal. shocking i know

Re:Where DID they come from then. (1)

Anonymous Coward | more than 2 years ago | (#41241363)

My guess: they didn't pay

Re:Where DID they come from then. (1)

Anonymous Coward | more than 2 years ago | (#41241241)

They could easily have come from an advertisement service like AdMob, or a provisionig service like Test Flight - many places. strange that the Apple statement was from an "un identified" representative though.

Re:Where DID they come from then. (4, Informative)

MBCook (132727) | more than 2 years ago | (#41241257)

It could be from a 3rd party. Lots of applications were known to track UUIDs (and take phonebooks, etc). One of those companies could have given that data to the FBI (or had it taken as part of a search). Or the FBI could have gotten it from some criminal who obtained it by breaking into some company's computer. Or a rogue employee took it and gave it to someone.

Apple is hardly the only possible source of this kind of data.

Simpler theory (2)

SuperKendall (25149) | more than 2 years ago | (#41241583)

Which is more likely, that these guys were able to break into a specific FBI laptop, or into one of scores of servers that had this kind of list on it?

The simplest answer is they did not get it from the FBI at all, they just want to hurt the FBI by claiming they did. And they have lots of cause to want to screw over the FBI.

Re:Where DID they come from then. (0)

Anonymous Coward | more than 2 years ago | (#41241643)

Funny that I had to pass 300 conspiracy theories involving Apple and the FBI to get to the first likely conclusion.

Re:Where DID they come from then. (2)

jythie (914043) | more than 2 years ago | (#41241393)

It is possible they are both being 'technically' truthful. The filename indicated it was from NCFTA... so Apple could have sold them the data, and then it wasn't really the propert of the FBI so they did not own/have it....

Need some proof (3, Interesting)

Calibax (151875) | more than 2 years ago | (#41241181)

Anonymous claims to be a bunch people with like aims and no leadership. So this may be just some person who happened to get hold of the info and published it claiming to be Anonymous or Anti-sec or whomever. The claim that the data came from the FBI is unsupported - proof would be some additional data from the same system such as logs, etc. which have not been produced.

My personal guess is that the most likely source is some social networking site and the guy is saying it's the FBI as some sort of disinformation. It's possible but unlikely that both Apple and the FBI are outright lying about the source. There are all sorts of other possibilities.

Re:Need some proof (2, Interesting)

ackthpt (218170) | more than 2 years ago | (#41241235)

Anonymous claims to be a bunch people with like aims and no leadership. So this may be just some person who happened to get hold of the info and published it claiming to be Anonymous or Anti-sec or whomever. The claim that the data came from the FBI is unsupported - proof would be some additional data from the same system such as logs, etc. which have not been produced.

My personal guess is that the most likely source is some social networking site and the guy is saying it's the FBI as some sort of disinformation. It's possible but unlikely that both Apple and the FBI are outright lying about the source. There are all sorts of other possibilities.

I wonder who it is who claims to have Mitt's tax returns. The extortion attempt is out of character for the usual gang of kiddies.

Report of Romney tax records on the loose [sfgate.com]

Then Again... (0)

Anonymous Coward | more than 2 years ago | (#41241305)

It is also possible that your link and many others like it are intentionally written to cast doubt.

http://yro.slashdot.org/story/12/09/05/129217/fbi-denies-it-held-iphone-udids-stolen-by-antisec

It seems that we just can't trust anyone.

Suspicious Timing (0)

Anonymous Coward | more than 2 years ago | (#41241499)

Is it possible that the hackers generated the UDIDs using a script similiar to using a credit card generator to create credit card numbers?

Once you understand the series, patterns, or algorithms, you can self generate these numbers. This is a technique used by hackers to create credit card numbers, Long Distance carrier dialing codes, AT&T calling cards, and Software key generators, albeit they are laced with Trojan Horses.

I am suspicious on the the timing of the release of the UDID numbers, two weeks before the iPhone 5 product announcement and two weeks after Samsung loses a court verdict to Apple.

If the Hackers did indeed get real UDID numbers, it would be interesting to find out the percentage breakdown between carriers, models, and whether they are US and/or Foreign.

I am surprised that they did not release all 12 million UDID numbers.

Just for the record, I have an iPhone, an iPad, and several Android Tablets.

The next few weeks will be interesting.

Re:Need some proof (1)

InspectorGadget1964 (2439148) | more than 2 years ago | (#41241599)

“It's possible but unlikely that both Apple and the FBI are outright lying about the source”. I’m flabbergasted by your nativity

Re:Need some proof (0)

Anonymous Coward | more than 2 years ago | (#41241963)

Did you really mean "nativity"? Perhaps you were referring to the parent's virgin birth? That would be a good reason to be flabbergasted.

Re:Need some proof (1)

InspectorGadget1964 (2439148) | more than 2 years ago | (#41242673)

I hate spell checkers!

4chan (-1, Troll)

Anonymous Coward | more than 2 years ago | (#41241199)

4chan boasts 22million a month. Slashturd gets what? 10k?
 
If you're still lurking CmdrDildo? Lucky you got out just in time. Fuck this toilet bowl.

Hah! Denying It! (0)

Greyfox (87712) | more than 2 years ago | (#41241323)

Exactly what I'd expect someone who gave millions of unique device identifiers to the FBI to do! They must be guilty!

Re:Hah! Denying It! (0)

Anonymous Coward | more than 2 years ago | (#41242021)

I'm going to release a million credit card numbers from the 12 million I harvested from Android phones....

What about Facebook? (1)

ruiner13 (527499) | more than 2 years ago | (#41241465)

With all the government scrutiny over the FB IPO, perhaps they traded the data collected by their iPhone app, even if this was obtained from a government computer? Possibly some similar scenario with a different company? These IDs could have come from anywhere, any app. Maybe AT&T?

Amazing (-1)

Anonymous Coward | more than 2 years ago | (#41241521)

For a bunch of FOSS dorks who claim to hate Apple, you sure have a lot of articles about them.

I think they are living rent free in your heads. No wonder they make so much bank.

There is no privacy. (0)

Anonymous Coward | more than 2 years ago | (#41241541)

Of course apple track, log, sell, and divulge information to FBI and anybody else. that came out with the GPS tracking and logging info that was caught being sent back to Apple. Do a data trap on any Apple device and you find a constant stream of data back to their servers. Check files out like consolidated.db and the numerous log files. Yet alone the constant chatter between ios and Apple and the CarrierIQ software previously used for monitoring and logging phone use.
U.S. being U.S. and the FBI being the FBI then nothing is private.

More Information Regarding new ID system (2)

WIn5t0n (2723409) | more than 2 years ago | (#41241577)

Sorry guys, this should have been in the original post but somehow (whether by my revisions or another's) it was left out. First of all the Apple representative has been identified as Natalie Kerris. Kerris, while discussing Apple's removal of the UDID, says this, "Additionally, with iOS 6, we introduced a new set of A.P.I.’s meant to replace the use of the U.D.I.D. and will soon be banning the use of U.D.I.D.” . So currently all devices are still operating with UDID's, and will continue too do so until the entire program is removed once the GM of iOS 6 is approved and released, probably around early October

It's been said hundreds of times already... (0, Flamebait)

Revotron (1115029) | more than 2 years ago | (#41241631)

Any old fart app can pull the UDID and send it to a central server. It does NOT take much to push an app through, grab yourself some UDIDs, Google the name of some random FBI agent with a very important-sounding title, and attribute everything to your 1337 skillz.

I don't know what's more worrying: the fact that people still can't grasp this concept, or the fact that people take everything AntiSec says as gospel.

This is the third fucking Apple UDID story in 24 hours. Can we please move on to shit that actually matters?

It's been sad hundreds of times already too (1)

Zero__Kelvin (151819) | more than 2 years ago | (#41241999)

So your saying that the FBI probably create an "old fart app"? ;-)

Googling "Old Fart App" leads to a link with a Google ad as follows:

"Ads by Google:
Government Transformers www.govtransformers.com
Enhance Productivity, Collaboration Moblity, Transparency, & Lower Cost


So are you covertly trying to imply that Google is in on it with Apple? ;-)

On a serious note though, just what makes you so determined to divert us from the known fact that the FBI has a history of lying through their teeth? If you read the statement the FBI doesn't even claim they didn't have the data, only that at this time there is no evidence. If I destroyed evidence then I too can truthfully say that at this time there is no evidence. If there was never any data to compromise, wouldn't it be much more accurate and clear to say it is not possible that such an attack occurred.

Title is Wrong (or at least misleading) (1)

Relic of the Future (118669) | more than 2 years ago | (#41241921)

"We didn't give it to them" is not the same as "They couldn't have gotten it." 3rd parties were able to collect UDIDs for a long time, and it's quite easy to believe the FBI could get them from there.

Damage control mode... (2)

detritus. (46421) | more than 2 years ago | (#41241923)

That's not the allegation that Apple gave the FBI that information. They never said that Apple gave it over to the FBI. The filename allegedly stolen was NCFTA_iOS_devices_intel.csv , which means it came from the NCFTA, not from Apple.

Why won't they ask Apple if they handed it to the NCFTA or that the NCFTA requested it? Then let's see what they have to say...

Re:Damage control mode... (1)

detritus. (46421) | more than 2 years ago | (#41241997)

Even more so, if Apple denies they handed it over to an agency, that doesn't mean that a shell company partnering with Apple, or a mole within Apple didn't hand it over to the NCFTA.

People will pay you to give you their UDID (1)

Plumpaquatsch (2701653) | more than 2 years ago | (#41241951)

Just get a developers account and sell access to Apple beta software - people will have to give you their UDID and pay you money for it.

Look Carefully at what the FBI Said (2)

Anonymous Coward | more than 2 years ago | (#41242131)

They did not deny that they had this information, they actually denied that it was on any FBI laptops. (Carefully worded to exclude personally owned laptops by FBI officials)

Zing!

More libel against Apple. (-1)

Anonymous Coward | more than 2 years ago | (#41242157)

Another another another stack of unsupported libel against Apple perpetrated by freetards.

Sure Apple may be better engineers than you are, they may be more successful, richer and more talented than you are in basically every way, but none of these reasons can justify these unsupported attacks against a company whos sole aim is to bring technology out of the dark ages and into the light.

Rest assured, though, these attacks will not go without a response.

Think different.
Think BETTER.
Think Apple!

He-said, she-said (4, Interesting)

Anonymous Coward | more than 2 years ago | (#41242211)

So, the FBI says "we didn't have that information". Apple says "The FBI never requested that information from us". Anonymous says "The FBI had the information".

What I'm getting from this:
* You can't trust any of these organizations to be 100% honest, but they all frequently integrate a bit of truth with each lie, so you can't completely disregard what any one of them says.
* Any, and up to two of them concurrently, could be telling the whole truth, but given their individual track records with honesty, you can't take what they're saying at face value.

One possibility is that the FBI did have the information, that they did not go about getting it through "legal" channels, and that Apple did not know that the FBI had the information. Anonymous "liberating" the information could be their way of forcing everybody's hands about dishonesty, government-instigated corporate espionage, and information security on a massive scale.

Another possibility is that the FBI acquired the information via legal channels and that Apple and the FBI don't want to admit it because the social and political repercussions. Again, Anonymous plays the same role as in the above scenario.

Yet another possibility is that Anonymous "acquired" the information from sources other than the FBI and are using it to rattle somebody's cage or play some type of misdirection.

In the end, data that was thought to be secure was made public, and this has put more than a few people's feet on the fire for it.

The sad thing is that it probably won't be known for sure who's telling the truth because each organization won't want to show more of their hand than they already have. This means that the problems that led to this, whatever and wherever they may be, probably won't be fixed.

Re:He-said, she-said (-1)

Anonymous Coward | more than 2 years ago | (#41243387)

What I'm getting from this:
* You can't trust any of these organizations to be 100% honest, but they all frequently integrate a bit of truth with each lie, so you can't completely disregard what any one of them says.
* Any, and up to two of them concurrently, could be telling the whole truth, but given their individual track records with honesty, you can't take what they're saying at face value.

How do you know "Anonymous" is not the FBI... or your imaginary best friend? I swear to god this is like watching a cripple fight every time "Anonymous" garbage shows up on Slashdot.

Re:He-said, she-said (1)

Solandri (704621) | more than 2 years ago | (#41243813)

It's amusing how easily scientific methodology is discarded for political convenience. You cannot prove a negative. The FBI cannot prove the data did not come from their computers. Even if they found a developer whose database of UDIDs exactly matched the 12 million compromised records, skeptics could always claim the developer had first turned the data over to the FBI, where Anonymous hacked it.

It's impossible for the FBI to prove they're not the source of the data. Therefore the burden of proof is on Anonymous to prove that it did come from the FBI. Simple as that.

Re:He-said, she-said (0)

Anonymous Coward | more than 2 years ago | (#41244419)

I do agree that it is primarily the responsibility of Anonymous to prove that the information did, in fact, come from the FBI.

However, I disagree with your assessment that you cannot prove a negative. To quote Doyle, "If you eliminate the impossible, whatever remains, however improbable, must be the truth." This includes negatives. While this isn't overly scientific, I've seen it play out enough in life to know of its plausibility.

It'll be interesting to watch this unfold, as I'm expecting somebody to up the ante and want to prove their side of the story. My guess is that Anonymous will release some information that further posits their claims.

Who actually believes the FBI ? (0)

Anonymous Coward | more than 2 years ago | (#41242357)

Expecting them to tell the truth is so naive it is tragic.

How about a plant? (1)

AlienSexist (686923) | more than 2 years ago | (#41242553)

If hackers owned (in the domination sense) that FBI laptop to pull files off, then it could be possible to plant files too. While it may be typical for govt and corp to deny everything which plays well into the public's suspicion, hackers that have a goal of embarrassing both entities can plant evidence to achieve this. It is nearly equally believable that a hacker group might be in possession of these lists to begin with. I don't see what value a government investigative agency would even have in this data because it can relate to so many uninteresting devices. It really fits the M.O. of hacker groups, however, to poke around the realm of popular consumer electronics. The fact that these UDID's are considered deprecated might support the case that security concerning their safekeeping has become lax as well... and as a result were taken.

So the main possibilities are: Apple provided the data. The FBI "acquired" the data. The particular agent "acquired" the data (Apple mole, or perhaps from hackers in the dark net). Hackers planted the data.

I suppose it is not too far fetched to think that maybe the lists were taken by hackers and circling some underground file exchange. Perhaps the agent is tasked for monitoring these exchanges, grabbed a copy, was observed getting a copy, and the hackers followed up by owning the agent's laptop because he didn't give the secret handshake. The hackers discover it is an FBI laptop and can't resist disclosing that fact.

Drat and bother, or how to solve this mystery (4, Interesting)

onyxruby (118189) | more than 2 years ago | (#41242845)

This all a bunch of nonsense! This was probably just a list from a given vendor. Track this down by doing the following:

Look for the ID's and find the most recent date one that you can. That gives you the date range that this is relevant for.
Look at the ID's and match them to locations? Are they all from the US? That might give credence to FBI angle (which I think is bullocks).
Look at the ID's and start matching users.
Look for commonality between said users, this far too large of a list of users to simply be a list of OWS protestors (sorry, if OWS was ever that large on just apple users alone OWS would have succeeded instead of being a punch line). Your doing this just to exclude conspiracy theories like a national we spy on people with shiny toys conspiracy theory.

Once you've concluded that there isn't anything in common between most of these people you can't start the real work:
Start matching the common thing or applications between those users. You will probably discover something really benign like they they all have AT&T accounts that belong to the western part of the US or they all have the Twitter application or something really boring.

///sorry to ruin your conspiracy theories, have but have fun reverse engineering this

////yes I posted this earlier today but no one has bothered to solve this yet and it's still getting airtime.....

Apple trying to fix a NON DENIAL (2, Insightful)

Anonymous Coward | more than 2 years ago | (#41243317)

The actual official press release from the FBI, the only statement that matters, didn't deny it, it says "at this time there is no evidence". It was a non denial denial. Apple are simply trying to fix the non-denial denial.

But I agree with you, it is likely a rogue app, or an App with a very bad EULA captured the data. It is also likely the FBI got it as part of an investigation into that app.

Now they should try to match up the common app and then we will know more.

Re:Drat and bother, or how to solve this mystery (2)

DuranDuran (252246) | more than 2 years ago | (#41243349)

> (which I think is bullocks).

Are you saying it's a load of bulls?

The FBI said... (0)

Anonymous Coward | more than 2 years ago | (#41242909)

Why would anyone believe anything the FBI says?

When they're not simply wrong, they are lying to protect state secrets and the security of their agents.

Apple is a cunt (-1)

Anonymous Coward | more than 2 years ago | (#41243011)

Anyone who buys Apple products is a cunt.

Don't be a cunt.

USE THE APNS TO TRACK THE APP IT CAME FROM (0)

Anonymous Coward | more than 2 years ago | (#41244533)

APPLE CAN USE A *SINGLE* APNS TOKEN TO TRACK WHICH APP THE UDIDS/APNS/ETC CAME FROM, JUST DO THAT AND OUT THE WEB SERVICE THAT WAS OBVIOUSLY HACKED.

you only get a apns token when an app wants to receive push notifications..... think about that

also this is to defeat the fucking stupid yelling feature thing.

I wouldn't be surprised... (0)

Anonymous Coward | more than 2 years ago | (#41244767)

even if it was a state sponsored conspiracy.

Ugh (0)

Anonymous Coward | more than 2 years ago | (#41244821)

Ugh, my UDID is in that list. What should I do?

Only one day? (0)

Anonymous Coward | more than 2 years ago | (#41246603)

I find it interesting that they were able to start and complete an investigation after only one day, yet in other times the FBI says they don't have manpower or time to work on missing person cases where lives are involved.

Sure... (0)

Anonymous Coward | more than 2 years ago | (#41247209)

and Sandusky denied touching little boys.

damn apple and the FBI (0)

Anonymous Coward | more than 2 years ago | (#41249639)

Apple, and the federal government. Two of the lyingest organizations left, now that the USSR has folded. Of course the FBI had anything they wanted from apple, and the ability to easily compromise i-gadgets is something they would definitely want. It serves anyone who would buy apple products right, if they were spied on. Owning apple products is like being in a prison. What do the expect in a prison?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?