Apple Push Notification Service ▪ September 5, 2012
Apple Push Notification Service ▪ September 4, 2012
HackerNews linked last night to a Pastbin file, which is a long-rambling diatribe by hacker group AntiSec, that eventually said the group infiltrated an FBI laptop in March and was able to download files off the machine. One of those files, NCFTA_iOS_devices_intel.csv, contained more than 1 million Apple UDIDs, but the group claimed to have over 12 million UDIDs and other personal information, which it apparently gathered after breaching the Dell Vostro of an FBI operative.
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
“NCFTA_iOS_devices_intel.csv” looks like it stands for the National Cyber-Forensics and Training Alliance, which “functions as a conduit between private industry and law enforcement.” (http://www.ncfta.net/)
Apple previously said it would limit developer access to UDIDs, but the Pastebin post asserted AntiSec published the identifiers, after first leaving out full names, cell numbers and addresses, to warn folks about the FBI tracking U.S. citizens with the mobile data.
Fun Fact: 166 devices in the data set are named “Titanic” or “The Titanic” because of the “Titanic is syncing” joke.
Cydia creater Saurik took to Hacker News to note that it is unlikely that the source was from jailbreaking:
I run Cydia, and have determined only 16.7% of the UDIDs in that file are from jailbroken devices: I thereby do not believe that whatever managed to get this data is anywhere in our ecosystem.