back to article Apple weighs in on AntiSec's alleged FBI hack

If, as they claim, the black hats of AntiSec did indeed hack into an FBI agent's laptop and lift unique device identifier (UDID) codes and some users' personal info from 12,367,232 iPhones and iPads, the feds did not get that user and device data from Cupertino. Or so Apple says. "The FBI has not requested this information from …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Storm in an empty tea cup.

1
0
Silver badge
Meh

Until they leak out the truth a few months later.

1
1

Can you say Facebook.app?

2
0
Bronze badge
WTF?

Another way to harvest UDIDs

I was reading a forum post a week or so ago, came across a link to a site that said 'Not sure if your Apple device has been compromised? Enter your UDID below and we'll check all known information sources to see if it's been published' - needless to say I filled in some random bollocks and clicked Enter, immediately a page came up with 'No your device has not been compromised.'

Well, if I'd entered a real UDID, it would be compromised now.

6
0

Re: Another way to harvest UDIDs

Yep - that was my first thought. If I were the FBI and Secret Service, I'd set a few honey traps with data entered on that page.

2
0
Facepalm

Re: Another way to harvest UDIDs

"Enter your UDID below and we'll check all known information sources to see if it's been published"

What, and a million people did this, you're suggesting?

2
3
Facepalm

Re: What, and a million people did this, you're suggesting?

Erm, no, he's not.

2
0
Jop
Black Helicopters

Re: Another way to harvest UDIDs

A slightly more trustable website to test it against. https://lastpass.com/udid/

Worth noting that an ESET AV employer blogged that his UDID was on the list.

1
0
Bronze badge

Re: Another way to harvest UDIDs

I don't know about 'more trustworthy'. I entered the first 5 digits of my UDID at both sites, and both sites responded with the same two allegedly tracked UDIDs, neither of which was mine.

2
0
Anonymous Coward

Re: Another way to harvest UDIDs

>I entered the first 5 digits of my UDID...both sites responded with the same two allegedly tracked UDIDs, neither of which was mine.

You could be a Poster Child for iPhone.......

2
0
Silver badge

I am a cynical bastard

But a straight "These claims are totally false!" from any organization, corporate or government, sets a warning flag for me.

I'm just too used to the standard "We are investigating these allegations, and have no comment at this time." type comments they almost always make in situations like this.

Followed, of course, by an official statement months, or even years later, when nobody cares anymore.

6
2
Devil

Re: I am a cynical bastard

These people love to blackmail companies like Apple. How do we know someone simply didn't pay a ransom? Or perhaps they faked the list just for attention. Perhaps all we can do is speculate. We may never know.

0
0
Bronze badge

Re: I am a cynical bastard

> > Perhaps all we can do is speculate. We may never know.

> We'll likely have to wait for AntiSec's next leak – should it ever come – before we can get a better idea as to who's telling the truth in this entire imbroglio.

I read that to mean the FBI will tell us whudunnit if and when.

That's their job innit?

Errmmm... What exactly IS their job?

I thought it was to deal with crimes that dogged the states in the United States because of difficulties with cross border crimes.

Does the FBI handle private data like that in the article?

I didn't read the full denial.

0
1
Silver badge
Facepalm

Re: I am a cynical bastard

"But a straight "These claims are totally false!" from any organization, corporate or government, sets a warning flag for me....." When I was contracting for the civil service I was working one night when the Police cuffed some burglars in an office in the building next door. The next morning a reporter, acting on a duff tip from a copper, called our Head of Security and asked if we'd been burgled, which he immediately denied. The reporter then phoned our PR office and claimed our "instant denial" meant we were trying to cover something up. The PR droid came to ask the HoS how he could issue an instant denial? The HoS was able to because he was onsite that night whilst the maintenance work was being done and it was him that called the Police to tell them next door was being broken into!

Sometimes even government organisations can issue straight and immediate denials truthfully. Maybe the FBI could simply because they knew they hadn't issued Spankme an FBI laptop.

1
1
Anonymous Coward

Re: I am a cynical bastard

Meh, let's get a good conspiracy going...

FBI: "Apple, we need the UDID of a large proportion of your users"

Apple: "What's in it for us?"

FBI: "$1.05 billion and a bitch slap to Samsung should cover it?"

Apple: "Sounds good"

2
0
Anonymous Coward

Re: I am a cynical bastard

Probably because their claims are specific enough to check easily.

They said a specific, high ranking FBI official had a laptop stolen. It's a requirement for any US government employee to report lost or stolen laptop equipment within 24 hours of losing it. Not doing so is one of the few offenses for which you can be immediately fired, especially at his level. Story comes in, check for the filing, if it doesn't exist, flat denial.

1
0
Silver badge

"with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID"

So are they going to ban any iThing too old for iOS6?

2
0

They are banning the introduction of apps to the store that access the UDID. At some point existing ones that access it may be removed.

I think the only fairly recent device that won't be getting iOS 6 is the original iPad. 3GS and later will get it. How many Android phones introduced in 2009 will get JellyBean?

3
2

And how many iPhone 3GS will still work with an acceptable performance after the upgrade?

I had an iPhone 3G (admittedly an old model), and I could not get even near the iOS 4 update, it would totally cripple my device. Opening the contact list would take 4-5 seconds. I'm not saying this will happen to the 3GS, but providing the newest FW for everybody is not necessarily a good thing.

3
2

Re: post-upgrade performance

Same story here -- iPhone 3G, pretty sweet kit originally, after the iOS4 upgrade it was so up-to-date it was useless -- dog slow, with spontaneous restarts. Binned it as soon as my contract was up, did *not* replace it with another fruit-phone.

0
0
Anonymous Coward

Empty comments

Until we see more info, there is hot air and empty truths from all 3 parties.

1) Antisec guys who released the small sample need to substantiate that these details did indeed come from an FBI employee's equipment

2) The FBI were VERY quick to deny any breach and then back-pedalled on their official website saying "at this time there is no evidence" of a breach, showing they denied the leak before investigating for sure: http://www.fbi.gov/news/pressrel/press-releases/statement-on-alleged-compromise-of-fbi-laptop

3) I have a feeling that Apple checked the leaked details against what they have given the FBI before and found a UDID which they had not actually passed on thus giving them much joy in being able to claim that the list did not come from them. At the same time their statement gives the impression that they have never passed on a similar list before which is what the sheep-population will go away thinking....

Who will get the egg on their face?

3
4

fbi list here

http://pastebin.com/nfVT7b0Z

cheers

0
1
Anonymous Coward

Antisec talking smack again

SOS, DD.

1
0
Silver badge
FAIL

Apple, FBI and the US Government - all damn liars

Personally I don't accept any are telling the whole truth.

Apple usually doesn't respond, the FBI answered/responded way, way too quickly for them and the US government ...

Who has the more believable track record? AntiSec, or the rest. Apple could have been under legal restrictions imposed by the FBI warrant not to disclose the disclosure, apart from the fact they employ a whole department well practiced in the art of saying nothing, often in a verbose manner.

US manufacturers sleep with the government, only Zimmermann of PGP fame had the guts to stand up to the US government harassment and give them the finger.

3
2
Paris Hilton

Whodunnit???

Apple says 'not me'. The FBI says 'not me'. So, are the UDIDs on the list real or fakes? If real, then somebody's not quite telling the real truth (as opposed to the fake truth).

<<<< Paris, because she's more clueless than me...

0
0