Previously, Apple began to reject all applications that used UDID information, these are unique identifiers for each iOS device. The reason for this change was that different developers abuse this information.
Last night it was proved once again that not only developers interested in this UDIDs, hacker group AntiSec published namely a list of the FBI with more than 12 million UDIDs with various iOS devices.
Hacker News has more information about the list and hack:
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”
The list of 12.3 million is not fully leaked by AntiSec “only” 1 million UDIDs was published to draw attention to the problem. According to the group, the personal data was deleted, but there is enough information available to allow users to check their devices in the list mentioned.
It is unclear what the FBI will do with this UDIDs, in principle, they give little personal information away, but they could potentially be used to link to your Facebook or Twitter account. In the article written by AntiSec, it was stated that they were never happy with the Apple UDIDs, according to the group’s simply been a bad decision from Apple. We are also curious about the reaction of Apple and the FBI.