Check if your iOS device has been compromised by the FBI breach

Sep 4, 2012

Yesterday, news broke that the hacking group AntiSec published a million UDIDs from an alleged trove of twelve million device IDs claimed to have been stolen from a laptop belonging to an FBI agent. Even though the hackers had removed some of the identifiable information from the list, your UDID might be exposed out in the wild, along with 999,999 other IDs posted on the web.

And why would you want to know if your UDID is out there for everyone to see? Good question. Your UDID uniquely identifies your device and expert hackers could use it to glean all sorts of information from other data associated with your UDID.

Yeah, it’s a privacy catastrophe, one that might potentially even lead to identity theft. Perhaps even more important than that, wouldn’t you like to know if your device is on the FBI’s watch list?

The tool to check if your UDID has been compromised has been put together by The Next Web and is made available here.

Just type your UDID into the search field and they will run it against the database and spit out the results.

Of course, the publication promises not to store your UDID though we obviously cannot vouch for this.
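The same lookup can be done without sending your UDID to anyone. The following is an added example (not The Next Web's tool and not code from the original post) that searches a copy of the published list saved on your own machine. The record layout (UDID as the first quoted, comma-separated field) and the sample records are assumptions constructed for illustration; the post does not describe the file format.

```python
import io
import re

# UDIDs of that era are 40 hexadecimal characters.
UDID_RE = re.compile(r"^[0-9a-f]{40}$")

def normalize(udid):
    """Lower-case and strip separators; reject anything that is not 40 hex chars."""
    cleaned = re.sub(r"[\s\-]", "", udid).lower()
    if not UDID_RE.match(cleaned):
        raise ValueError("expected 40 hexadecimal characters")
    return cleaned

def iter_udids(lines):
    """Yield the UDID of each record (assumed layout: first CSV field, quoted)."""
    for line in lines:
        field = line.split(",", 1)[0].strip().strip("'\"").lower()
        if UDID_RE.match(field):          # skips headers and damaged lines
            yield field

def check_local(udid, lines):
    """Return True if the UDID appears in the local copy of the list."""
    target = normalize(udid)
    return any(candidate == target for candidate in iter_udids(lines))

def prefix_matches(prefix, lines):
    """Count listed UDIDs sharing a prefix: what a partial query narrows down to."""
    prefix = prefix.lower()
    return sum(1 for c in iter_udids(lines) if c.startswith(prefix))

# Constructed sample records (not real leaked data).
SAMPLE = """\
'aaaa1111bbbb2222cccc3333dddd4444eeee5555','token-1','Example iPhone','iPhone'
'aaaa1111ffff0000ffff0000ffff0000ffff0000','token-2','Example iPad','iPad'
'0123456789abcdef0123456789abcdef01234567','token-3','Example iPod','iPod touch'
header or damaged line
"""

if __name__ == "__main__":
    # For a real file, pass open(path, encoding="utf-8", errors="replace") instead.
    mine = "AAAA1111-BBBB2222-CCCC3333-DDDD4444-EEEE5555"
    print("listed:", check_local(mine, io.StringIO(SAMPLE)))
    print("entries sharing first 8 chars:", prefix_matches(mine[:8], io.StringIO(SAMPLE)))
```

Because the file is streamed line by line, nothing about the query leaves the machine and the full list never has to fit in memory.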

Don’t know what your UDID is?

Just hit the serial number entry in the device information pane in desktop iTunes or head here for a brief tutorial.

As you know, UDID, or “Unique Device Identifier”, is just what the name says: a serial number unique to your device. Developers have been using UDIDs to identify users both across different apps and on a per-app basis for the purpose of simplifying and personalizing user experience.

Due to privacy issues related to apps sending UDIDs to ad companies without the user’s permission, Apple began clamping down on sites that sell UDID activations and rejecting apps that use UDIDs.

Presumably, a set of new tracking tools for developers is likely in the works.

As for the FBI breach, what I’m way more concerned about is how the heck the FBI has gotten hold of twelve million UDIDs in the first place.

More importantly, why?

Data obtained by hacking into a Dell Vostro notebook used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team contains a wealth of information which also includes user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses and what not.

What business does Uncle Sam have storing sensitive personal data belonging to twelve million individual devices?

9to5Mac offers an interesting answer, that the FBI lifted these UDIDs in an unrelated raid last year which saw Instapaper creator Marco Arment’s server being stolen as well.

Arment, for his part, tweeted that the breach “didn’t involve the disks being taken, and I had nowhere near 12 million user records”. He also confessed that “Instapaper did log UDIDs with user accounts in the past, but has never transmitted or logged any of those other fields”.

Of course, it wouldn’t be an evening news topic without a joke attached to it (via David Chartier).

Here’s a new FBI FAQ:

Q: How do I find out if my UDID has be—

A: Shut up and pay no attention to the man behind the curtain.

What do you think?

Also, we’d love to hear from those of you who checked if their UDID has been compromised.

Is your device on the list?

If so, are you spooked now?

  • http://twitter.com/MrJemRoxas Jem Roxas

    Nice! To the hackers, STONE THEM TO DEATH!

    • http://twitter.com/Pitchy Pitchy

      Yet they brought out the attention that the FBI is keeping your UDID in a database. Stop and ask yourself why the FBI has this data in the first place.

  • harit7

    So what should one do if his udid is on the list?

    • http://twitter.com/Mrarkon Lady Mrarkon

      Probably be a bit wary of what you do on the device then. If you just use it like a normal phone, that’s fine. But if you like, pirate stuff on it and things like that then you might have an issue.

  • Kok Hean

    Mine has not been leaked :P

  • http://twitter.com/imperiumSG Andy M.

    Why can’t hackers use their powers for good, be like the X-Men

    • http://www.facebook.com/corey.eden Corey Eden

      It appears that’s what they just did.

      • abujafer

        How? Oh, they hacked the government, we’re all much better off, blah blah blah. What could the government possibly have done that’s worse than whatever hackers can do to devices now that the UDID’s are out? It’s like giving everyone in the world a knife and putting your neck out and asking, who wants to cut it off? At first only the “bad people” had knives, now literally every person in the world has one. There’s no way you can put a positive spin on this, what the hackers did is wrong and if you honestly believe these criminals are better off than the “corrupt government” then you need to wake the hell up.

      • http://twitter.com/imperiumSG Andy M.

        ^ this guy knows what’s up.

      • http://twitter.com/Pitchy Pitchy

        And you trust the government more than the hackers? Why did the FBI have all of our UDIDs in the first place? To quote Charlie Manson – police used to watch over the people, now they are watching the people.

      • http://www.facebook.com/Pay1313 Brian Sultzman

        While I don’t agree with the government having the UDID’s in the first place, I do have to agree with them being safer there than in the public domain via hackers.

      • abujafer

        Yes, I trust the government more than the hackers. What’s the government going to do with my UDID? Steal my money? Really, that’s the only thing I’m afraid of, and hackers are the only ones who could do that. It’s really the greater of two evils, and obviously hackers are worse.

        Let’s look at it this way; if the hackers HADN’T hacked the UDID’s, only the government would have them. Now everyone INCLUDING the government does.

      • goofygreek

        Bad example there. If everyone had knives, crime would go down, not up. How would you know if the person you’re about to rob doesn’t have a bigger, sharper knife than you? Would you still take the risk to rob that person? I know, way off topic.

  • http://twitter.com/Sleepy83 Matt R.

    I would feel a lot more comfortable if Apple created a site for us all to reference. I don’t really trust an unknown site, especially one that isn’t using SSL. PASS until someone reputable can help us out

  • http://twitter.com/JaysinNY76 JaysinNY76

    Why would I want to enter my UDID in a website that I have never heard of to check if it is on the list? This seems very suspicious!

    • http://twitter.com/imperiumSG Andy M.

      exactly!

    • http://www.facebook.com/people/Fernando-Pena/1179619252 Fernando Pena

      You don’t need to type the whole UDID, just a part of it. It’s safe.

      • http://twitter.com/im_known_bro John

        So if I type like 5 or 8 numbers of my UDID I’ll be fine right?

      • http://www.facebook.com/people/Fernando-Pena/1179619252 Fernando Pena

        Sure

  • http://twitter.com/aomia syler

    One million is a small number when you think about how many have an iPhone, but still a bad thing. Having said that, this story is really weird for me, as my iPhone 4S lit up last night by itself; when I saw it I turned it off. This makes me wonder now.

  • marco1993

    I see another lawsuit in the near future

  • http://twitter.com/Plazmer Ahmed Muhammad

    I’m cleared