“The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organisation. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” Apple told AllThingsD.
The FBI’s response to claims of tracking millions of Apple UDIDs and personal data, after hackers from Antisec released a million Apple UDIDs online in a move to draw attention to the allegations was issued yesterday.
The statement, issued to All Things D, reads:
“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
A tweet from the FBI’s press office followed, drawing a response from AnonymousIRC’s Twitter account:
Antisec claims the data is sourced from FBI agent Christopher Stangl, whose Dell Vostro notebook was breached via an AtomicReferenceArray vulnerability on Java in March and contains 12 million UDIDs, along with personal information such as user names, device names, notification tokens, mobile phone numbers and addresses.
Accompanying the data was a post from the hackers, it reads as follows:
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”
Personal data, such as full names, addresses and phone numbers have been “trimmed out” according to the post, leaving enough data “to help a significant amount of users to look if their devices are listed there or not.”
The impact on users whose UDIDs have been released is unknown at this stage, however iOS platform advertising or iAds may be able to utilise the data to construct targeted ads.
In the long post the hackers went on to show their support for Russian anti-Putin group Pussy Riot, Syrian rebels, Julian Assange and Bradely Manning, and condemn the past actions of American Government administrations.