*Urgent* - iPhone and iPad Owners Please Read

Started by Shadowwolf, September 04, 2012, 10:31:49 PM


Shadowwolf

Ladies and Gentlemen, we got another one...

If you have not been made aware, today a hacking group known as AntiSec, the parent group of the former Lulzsec, released a listing of what's known as UDID numbers for Apple devices.

What is UDID?

What a UDID is in basic terms is the unique identification number each Apple device is assigned when it's made, similar to a serial number. It works as a sort of "fingerprint" that was originally intended to allow ads, settings and other things to be custom tailored to you as an iPhone user. The number in and of itself does not contain any personal information about you, however it is used to link personal information about you to a particular device. Many Apps use this number to customize your settings and send you alerts, data, etc.

This number can be tied to personal info about you that is stored with App sites, on your phone, sent across the net, sent over the cell waves, etc. Every time you do something with your phone using an app that uses this number to identify you, any other additional data can be tied to it and there are multiple ways it can be obtained by unauthorized parties.

The Risk To You

The risk to you as an iPhone or iPad user at this moment is unknown because the list released is incomplete. Again, I have been told the complete list contains a slew of personal information connected to each UDID number.

Should Antisec choose to publish the full list, the threat to you becomes ID Theft, targeted SPAM, potential for account hijacking, phone hijacking, phone hacking and so on. This is the same hacking organization which was partially responsible for many prior big name company breaches in security, to include Sony PlayStation and LinkedIn.

At this moment, where the list came from is in question as the FBI denies it's from them which is what the hacking group is claiming. That's a problem of unauthorized surveillance should it be proven true but pretty much has no bearing on your risk. Since this hacking group is well known for their previous exploits, the threat should be taken seriously unless it can be debunked by experts.

So while at the moment it is a bit too early to know exactly what you need to worry about, you do need to remain concerned and alert. Keeping an eye on your accounts and your device's behavior is the best way to stay alert right now.

Am I Affected?

If your phone uses Android, Blackberry, Windows Phone or SymbianOS you are NOT affected by this. This issue affects only iPhone and iPad owners.

If you experience any unusual, out-of-the-ordinary problems or behavior with your iPhone or iPad, you should contact your cell carrier or Apple IMMEDIATELY! This behavior can include but is not limited to Applications launching by themselves, random deletion of data on your phone, and so on. Things that wouldn't normally occur and have not occurred before in your use of the device.

While it is very difficult for someone to utilize the UDID in malicious ways as they must have a very in-depth knowledge of phones and other skills, it is still possible for someone to effectively hack into your phone if they wanted to using this information.

There is a partially released listing of 1 million of these numbers, however it is claimed that a total of 12 million are contained within the database that was retrieved. It is possible to search and see if your device number is on the list here:

http://kimosabe.net/test.html

A set of instructions on how to find out what your device UDID number is can be found here:

http://www.innerfence.com/howto/find-iphone-unique-device-identifier-udid

Whether you are or are not on the exposed list of numbers, you need to be concerned because again this is a PARTIAL list. A complete list has not yet been released so there is no certain way to tell at this point if your number is in the hacked database. In addition, this partial list was not released with the personal information that supposedly accompanies each number. I'm told the complete list contains matching full names, numbers, home addresses, Facebook and Twitter account info, etc., and the amount of data per UDID is varied. Some numbers have full addresses, some do not, etc. I cannot completely confirm this at the moment, but my sources are usually very reliable.

What Can I Do?

Unfortunately at this moment there is really very little you can do to further contain the situation as the problem lies with Apple and the UDID system itself.

At this time there is no way of blocking the transmission of UDID information over network connections.

You can minimize some of the collected data though by turning off "Location services." Apps which track your location like Foursquare, Twitter, Facebook are usually okay and don't typically use UDID, but Games and Free Apps, especially ones that ask for location data collection you should be wary of.

Moving forward the best way to protect yourself is KNOW WHAT YOU ARE ACCEPTING with Terms on Apps you download and what they are doing with your data. If you "Accept" an App license agreement you should know exactly what they intend to do with your data and how they intend to manage it. If you aren't sure, don't use the App!
Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." - Dr. Seuss