
App developer claims responsibility for UDID hack

  • Posted on: September 12, 2012
  • Posted in: Current News
  • Posted by: Trend Micro

The FBI may be due for a reprieve after claims that hacktivist group AntiSec hacked an agent's computer and compromised 12 million Apple unique device identifiers (UDIDs) recently made headlines. Although the hackers claimed to have breached a laptop belonging to cybersecurity expert Christopher Stangl, the FBI issued a statement countering these accusations shortly after news broke of the incident. Now, a third party has emerged to lend credence to the FBI's claims.

Paul DeHart, CEO of software company BlueToad, told Reuters that the data security breach actually happened within his company, which hosts 5,000 digital publications and offers applications to help publishers better monetize their content. Perhaps due to the potentially lucrative payload, the company deflects an average of 1,000 cyberattacks each day.

In addition to taking some liberty regarding where the UDIDs came from, AntiSec may have also exaggerated how much data the group retrieved. According to DeHart, only two million IDs were compromised in the incident.

Lack of data protection

Although the actual scope of the incident is smaller than the original headline-making claims suggested, Wall Street Journal columnists Jennifer Valentino-Devries, Jeremy Singer-Vine and Ashkan Soltani highlighted another legitimate risk. The WSJ conducted an investigation in which it tested a sample of the one million released UDIDs and found that BlueToad apps sent device and user information back to the company in plain text.

As the WSJ writers pointed out, BlueToad's CEO said device information was not automatically connected with personal data, but more than 400 users included addresses or full names with the name of their device. The incident may be part of a larger trend of lax practices regarding the protection of user data.

"The BlueToad breach is the latest in a series of events that have raised questions about the security and privacy of the fast-growing app economy," WSJ stated. "Many apps have been found taking data that users didn't know about. In 2010, the Journal tested 100 iPhone and Android apps and found that more than half were transmitting identifying details without the user's knowledge, and some were sending more personal information such as contact lists and location information. Since then, several other apps have been caught transmitting details about users without their knowledge."

Due to the user privacy risks, Apple has instructed application developers to stop using UDIDs and plans to progressively reduce developer access to the ID system. While this move is good news for privacy, it has caused concern for mobile ad networks and app developers that leverage the identifier to track user behavior.

Data Security News from SimplySecurity.com by Trend Micro
