The notorious hacking group Anonymous, famous for its anti-government operations, has now uncovered data on users of Apple Inc.'s iPhone and iPad devices. The striking fact is that the data was obtained during a successful breach of the laptop of an FBI agent. The group succeeded in uncovering one million and one iPhone and iPad UDIDs, that is, Unique Device Identifiers. A UDID is a unique ID assigned to each device to make it easier to track. The leak was posted as part of their “AntiSec movement”. The group claims to have 12 million such IDs, along with the personal information of the people who own the devices with those IDs. Earlier breaches and leaks of this kind were carried out by breaching a company's websites or networks. The interesting thing here is that this leak came from a breach of the laptop of an agent of the FBI, the world's leading intelligence agency. As noted here, bad security practice was the factor behind it.
The group claims to have broken into the Dell Vostro laptop of an agent during the second week of March this year. According to the group's post on Pastebin, the breach was successfully carried out using the AtomicReferenceArray vulnerability in Java. They also claimed to have downloaded files from the system, among which the file “NCFTA_iOS_devices_intel.csv” caught their attention. Later, the file proved to contain data on 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDIDs), user names, device names, device types, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses, etc. NCFTA in the file name stands for National Cyber-Forensics & Training Alliance. The group decided to release data on 1,000,001 devices. The leak contained the UDIDs, the push notification tokens, the device names and the device types. It is fair enough to verify the data and determine whether it is legitimate. The leaked file can be obtained from the file hosting sites to which the group uploaded it.
The file is encrypted and can be decrypted using OpenSSL:
The decrypted file is then extracted, and we obtain the “iphonelist.txt” file.
The obtained data seems to be legitimate. Anonymous seems to be on fire and will grab a lot of attention with this leak, though it has left a finger pointed at intelligence agencies. Are they silently watching you? Stay tuned for more updates.