1 Million Apple UDIDs Leaked Online Last Night

Last night, the hacking group AntiSec posted 1 million UDIDs online, claiming they have 11 million more, and that they had stolen them from an FBI laptop in March, when they exploited a Java vulnerability.

UDIDUnique Device ID

Think of it like a serial number for your iOS device, the fingerprint of your phone or iPad.  It is a unique, 40-character alpha-numeric number, and is used by Apple, ad networks, and app developers to identity devices.

It has long been touted as insecure (it’s sent back to app developers un-encrypted), and Apple started to phase it out in April.

Your UDID doesn’t mean much on its own, it’s like your driver’s licence number but without information like your name, address, etc.  However, according the AntiSec, they found more information attached to the numbers, but stripped it out before posting them online, which I think is kind of them.

From Forbes.com:

If the UDIDs are determined to be real, just what that means about law enforcement and Apple users’ privacy isn’t entirely clear. Much more than passwords or even email addresses, UDIDs are already spread around the Internet by app developers and advertisers–a study by one privacy researcher in 2011 found that 74% of the apps he tested sent a user’s UDID to a remote server. But the same researcher also found that five out of seven social gaming networks he tested allowed users to log in with only their UDID, making a stolen UDID equivalent to a stolen password.

How to find your UDID number

You have to do this on your computer, it’s not displayed on your iPhone.

Connect your phone to your computer.  Open iTunes, click on your device in the left column, this screen will look familiar.

Click “Serial Number’, and the number to the right will change to your UUID.  You won’t be able to copy & paste this, you’ll have to record it manually.

Next step is to check if yours was one of the million posted online.

The Next Web has created a tool to see your number was on the leaked list.

TWO THINGS  TO KNOW BEFORE YOU DO THIS.

YES, I’M YELLING HERE

1I can’t guarantee you this is safe.  I don’t know Next Web. What I do know though, is I found this link posted on Twitter by Mikko Hypponen, whom I met and interviewed last year at DefCon 19, who is one of the world’s leading experts in information security.    I felt confident enough to enter mine.  Best I can do, guys.

2 Don’t paste your entire UUID into the box.  Next Web says they’re not storing the UDIDs, but continues that they’re also not being encrypted during this process.  The best thing to do is not enter your entire number; I entered only the first half of mine, good enough.

Click here to check yours.  Mine came back not leaked, and looked like this:

What do do if your UDID has been leaked?  

Call Apple.

Further Reading

Forbes

Lifehacker – definition of a UDID

Corte.si

TechCrunch

 

UPDATE: 6:40pm

The FBI has replied to the claim, made by AntiSec, that it is “totally false”. Privacy-advocacy groups are freaking out. AntiSec then said it won’t say another word, until journalist Adrian Chen poses in a tutu, on the Gawker homepage for 24 hours.

And so he did.

The hashtag #FBI has been trending on Twitter all day, that’s rare.  If you’re following the story out there, be careful what you click.

Gizmodo posted a good article, “Why You Shouldn’t Freak Out if Hackers Leaked Your Apple Device ID

True or not, you probably thought about your online security more today than in a long time, so good.  Your online life is very valuable, treat and protect it accordingly.  

And I learned about being a part of the news cycle.

 

 

The Flashback Trojan is Turning Macs into Zombies

It’s here – the largest EVER Mac trojan has arrived. It’s called Flashback, it’s huge, and if you are running Mac OS X 10.6 you may be affected.

600,000 Macs around the world have been compromised. Statistically, that is a giant botnet.

A botnet: think of it like your computer has been turned into a zombie, and is under someone else’s control. Gather together enough zombies, now you have a botnet army. Most scary of all: you likely wouldn’t even realize you’ve been affected.

What you need to do:

FIRST – check to see if you are vulnerable. If you are running Mac OS X 10.6 you might be. If you are running Mac OS X 10.7 you are likely okay.

SECOND – Let’s check to see if your machine is infected. We’re going to use Terminal to do that, your Mac’s command-line interface.

Open ‘Terminal’.

Don’t be scared if you’ve never used Terminal. You’re going to feel a bit like a hacker, fun!

But – don’t screw around in here, stay focused; a couple wrong keystrokes and you’ll change and alter things you do not want to.

Now you’re looking at a window like this:

Copy and paste this line into Terminal, then hit ‘enter’:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

 

NOT AFFECTED: if it returns this line:

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

That’s what you want, “does not exist”

AFFECTED: if it returns anything but. If infected, click here for the remedy. F-Secure is an antivirus and computer security company in Finland. You’re going to download a Java update from Apple here.

Remember the golden rule to avoid problems:

The Golden Rule: If you installed it, update it.

 

We Mac users have enjoyed relatively virus and malware-free living, till now. I blogged about it last year over on KeriBlog, click here for why it’s no longer the case.

Further Reading:

Gizmodo

The Register

The Internet Storm Center

 

UPDATE – April 13 2012

Yesterday, Apple released a fix for the Flashback trojan.

To install it: go up to the apple top left corner, choose “Software Update”, and say yes to installing the Java update that looks like this:

Apple’s official release page is here. I’ve copied some of the text below and bolded the important parts.

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

I suggested the other day it was good security practice to ensure your computer is NOT set up to “automatically open downloaded files”. Good idea to do that now. Snow Leopard users might have to do this manually.

Remember, nothing is ever 100% with this stuff. Always err on the side of caution.