Apple weighs in on AntiSec's alleged FBI hack
'Don't look at us'
If, as they claim, the black hats of AntiSec did indeed hack into an FBI agent's laptop and lift unique device identifier (UDID) codes and some users' personal info from 12,367,232 iPhones and iPads, the feds did not get that user and device data from Cupertino. Or so Apple says.
"The FBI has not requested this information from Apple," spokeswoman Natalie Kerris told AllThingsD, "nor have we provided it to the FBI or any organization."
On Monday, AntiSec leaked one million UDIDs, stripped of users' personal information, onto the web, a move that made any reasonable person understandably curious as to why the hell the feds had that data in the first place.
That is, if said feds actually did have that data in the first place: on Tuesday, the FBI issued both an email to the press and a tweet to world+dog that vociferously denied possessing the data that AntiSec said they had bagged from Supervisor Special Agent Christopher K. Stangl's laptop in March and leaked onto the web this week.
Of the two denials, the tweet was the most unambiguous, saying in part: "We never had info in question. Bottom Line: TOTALLY FALSE."
We'll likely have to wait for AntiSec's next leak – should it ever come – before we can get a better idea as to who's telling the truth in this entire imbroglio. But in any case, as Apple's Kerris points out, this exact scenario is not likely to be played out again in the future. "Additionally," she told AllThingsD, "with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID." ®
Another way to harvest UDIDs
I was reading a forum post a week or so ago, came across a link to a site that said 'Not sure if your Apple device has been compromised? Enter your UDID below and we'll check all known information sources to see if it's been published' - needless to say I filled in some random bollocks and clicked Enter, immediately a page came up with 'No your device has not been compromised.'
Well, if I'd entered a real UDID, it would be compromised now.
I am a cynical bastard
But a straight "These claims are totally false!" from any organization, corporate or government, sets a warning flag for me.
I'm just too used to the standard "We are investigating these allegations, and have no comment at this time." type comments they almost always make in situations like this.
Followed, of course, by an official statement months, or even years later, when nobody cares anymore.
Re: I am a cynical bastard
Meh, let's get a good conspiracy going...
FBI: "Apple, we need the UDID of a large proportion of your users"
Apple: "What's in it for us?"
FBI: "$1.05 billion and a bitch slap to Samsung should cover it?"
Apple: "Sounds good"