FBI denies it was responsible for Apple ID leak

Summary:The FBI is claiming that it has nothing to do with the leaked list of over a million Apple device IDs, because it never had the information to begin with.

The FBI is disputing a hacker group's claim that it stole personal identification data of more than a million Apple device owners from an FBI agent's laptop.

Apple has not yet responded to repeated requests for comment, but the FBI has said that it never asked for and never possessed the list that the group, which is affiliated with the AntiSec movement, has posted on a website.

The group released a link to a text file containing more than a million Apple device identification numbers.

The identification data includes Apple devices' Unique Device IDs (UDIDs), which New Zealand coder and security consultant Aldo Cortesi has repeatedly warned is a ticking privacy time-bomb. According to Cortesi, many iOS applications regularly send the UDIDs to servers on the internet and often over insecure communication channels.

Cortesi's own experiments found that many companies, especially those in the social gaming ecosystem, are abusing the use of UDIDs in a manner that could result in serious privacy breaches. At the time of one of his experiments, he found that certain social gaming sites would allow attackers to log in with the knowledge of a stolen UDID alone.

"Some of the companies mentioned in my posts still have unfixed problems (they were all notified well in advance of any publication)," Cortesi wrote on his site yesterday.

"When speaking to people about this, I've often been asked 'What's the worst that can happen?' My response was always that the worst case scenario would be if a large database of UDIDs leaked ... and here we are."

Topics: Security, Apple

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.