UPDATED 15:17 EST / SEPTEMBER 05 2012

NEWS

Privacy the Forgotten Threat in Apple UDID Leaks – Apple Denies Info Share

Recent news emerged around the alleged AntiSec hacking of an FBI computer that leaked a revealing 1 million Apple product IDs and the threat of another 11 million on deck.  The FBI has apparently denied this has even happened, and yet a pretty stark element is being largely overlooked in all the reaction to this unfolding story.  That is that up until recently, there was a significant amount of tracking being done on Apple devices, including a wealth of personal information – all without user consent.

Apple has chimed in with a denial of any sharing of information with the FBI or any organization.  They also state in a report on AllThingsD that a ban of UDID usage will be emerging with the new iOS 6 release and replaced with a set of APIs.  A welcome change- but on the surface, still does not completely dismiss privacy concerns as the ban only addresses deliberate third party application usage and can only act going forward.   It will be telling to review emerging policies in the near future.

The UDID has made the devices targets for tracking- every IOS device has one.  For some time, third parties have been collecting stockpiles of information on what is being done with your Apple device.  Earlier in the year, there was a significant amount of congressional scrutiny on application privacy, focused on what was being collected and what policies were in place.  Apple has apparently taken this inquiry seriously by banning the use of UDID in future applications.  The response from Apple is telling that they want to discourage any notion of sharing of information they have.

Along with AntiSec’s very detailed PasteBin release they state:

“FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed.”

There are fears that the repudiation of AntiSec’s source may ultimately end up with the further release the rest of the 12 million Apple UDIDs and associated information.  Time will tell, but in the meantime, the plain truth exists that this data is out in the wild, with much more yet uncovered.  More questions will continue to emerge about where it came from, and perhaps may never be answered given all this denial. The bottom line is smartphone usage is a privacy threat and it makes sense that the industry is trying to alleviate concerns in this space.

If we are to follow AntiSec’s story and analyze it, the likelihood of an unencrypted csv file, sitting in storage on an FBI laptop, by any estimation should be extraordinarily low.  However, stranger things have happened and it is not implausible.  If the vector by which this file was acquired was indeed through an FBI asset, then this is a direct strike at the heart of privacy fears – what would the FBI be doing with such a trove of information on private citizens? – 12 MILLION.   Deny. Deny. Deny.  It is hardly comforting isn’t it?  Well privacy hawks will have plenty to observe it seems.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU