Apple, FBI play down alleged Anonymous hack
Anonymous says it obtained a bunch of iPhone and iPad user IDs. Not so, counter the FBI and Apple.
Over the weekend, the "hacktivist" group Anonymous released a cache of more than a million of what it said were Apple Unique Device Identifiers, or UDIDs, which were apparently stored on a computer owned by an FBI agent. At least a few security professionals think the breach might be for real. But today the FBI sought to distance itself from the Anonymous allegations – if not refute them altogether.
"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency said in a statement. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
As Anonymous partisans have gleefully noted, there's a little wiggle room here: "no evidence" is different from "it never happened."
Meanwhile, Apple has issued its own statement on the hack.
"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," Natalie Kerris, an Apple spokeswoman, told The New York Times. "Additionally, with iOS 6, we introduced a new set of [application programming interfaces] meant to replace the use of the UDIDs and will soon be banning the use of UDIDs."
In summary: Apple says it didn't give the UDIDs to the FBI and the FBI says it (probably) never had the UDIDs.
So should we be worried?
Well, sort of. Anonymous, it's worth noting, has only released a series of UDIDs, not the names and addresses associated with those UDIDs. Still, says Rob Rachwald, director of security strategy at Imperva, that doesn't mean Apple users aren't at risk.
"If the hackers have what they claim, they may be able to cross-reference the breached data to monitor a user's online activity – possibly even a user's location," Rachwald told Information Week. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today. But with the full information that hackers claim to have, someone can perform this type of surveillance. This implies that the FBI can track Apple users."