App publisher not FBI leaked Apple UDIDs

Powered by SC Magazine
 

Researcher tips off victim.

Last week's disclosure of Apple Unique Device Identifiers (UDIDs) was caused by a breach of a US application publisher.

Florida-based publishing company Blue Toad said the million-record database of UDIDs was stolen from its servers two weeks ago, contradicting hacker claims that they were stolen from an FBI agent's laptop in March.

The FBI denied it was linked to the incident.

Blue Toad CEO Paul DeHart told NBC News staff downloaded the data released by Anonymous and compared it to the company's own database. They found a 98 per cent correlation between the two datasets.

 "pretty apologetic to the people who relied on us to keep this information secure" 

But DeHart said the compromised data may have been shared and ended up on a FBI computer. 

The company was tipped off by external researcher David Schuetz who compared apps against multiple devices to narrow down the source.

“I had decided to look more closely at the most frequently repeated device IDs, on the theory that perhaps that would belong to a developer. They'd naturally test multiple apps for their company, each of which should have a different device token,” he said.

“By the time I went to bed, I had identified 19 different devices, each tied to Blue Toad in some way.

"I found iPhones and iPads belonging to their CEO, CIO, CCO, a customer service rep, the director of digital services, the lead system admin, and a senior developer."

Apple publicly denied giving the information to the FBI and said that it began rejecting apps that access UDIDs earlier this year after phasing them out with the introduction of iOS 5.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


App publisher not FBI leaked Apple UDIDs
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1789

Vote
Do you support the abolition of the Office of the Information Commissioner?