Leaked Apple device IDs not stolen from FBI, but Florida app maker


Hacker collective Anonymous may not have been truthful about the source of the Apple device identifiers it posted on the web last week. (Shocking, right?) The group claimed the 1 million unique device identifiers (UDIDs) tied to Apple iPhones, iPads and iPods it made public were taken from an FBI agent’s computer, but the FBI denied that outright. On Monday, a Florida company that works with mobile content said it was the source of the UDIDs, according to both NBC News and the New York Times.

The company is called BlueToad, and it builds mobile apps for 6,000 publishers to display their content on mobile devices like Apple’s iOS devices. CEO Paul DeHart said his company compared the file released by the hackers and found a 98 percent match to UDIDs in its own databases, according to NBC’s report. The group published 1 million device IDs, but claimed to have stolen 12 million from the FBI.

DeHart also told the NYT that the 12 million number isn’t correct, and that the theft didn’t occur in March, another claim:

‘We decided to come forward to apologize to our customers, partners and the public in general that this got out there,’ Mr. DeHart said in an interview. ‘We face thousands of attacks every day that we’ve been successful at defending. This one happened to get through.’

Mr. DeHart said his company had contacted law enforcement, as well as Apple, to alert them to the breach and had hired an outside security firm to patch its systems. He said BlueToad had ‘nowhere near’ the 12 million identification numbers that the hackers claimed to have stolen.

Anonymous last week said that part of its aim in posting the UDIDs, besides to illustrate that the FBI might be tracking Americans’ cell phones, was to demonstrate that Apple’s use of the identifiers tied to specific devices, even while anonymized, was a dangerous idea. But even while it appears the group was lying, the point reminded us of the possible privacy invasion resulting from advertisers, app makers, Apple and possibly other organizations having a number that, with a bit of additional information, can reveal the identity of a device’s owner.

Apple(s AAPL) denied handing over the UDIDs to law enforcement, but also noted that it intends to do away with the use of UDIDs in favor of a new solution in its next major mobile software update, which should be sometime in the next few weeks.



really?? we’re going to believe the fbi when it’s spending $1B to track everyone’s faces?? when it hates to get pesky subpoenas and instead wants everyone to give it their cellphone passwords?? no one’s that gullible here, are they?


Kudos to BlueToad for coming clean on mere high probability. Hope it works out for them.

Comments are closed.