Tech experts and tech-savvy users across the globe started downloading the posted data to check if their device’s UDID was one of the leaked ones and to check for any clues as to what is the source of the actual stash of 12 million UDIDs.
AntiSec claimed that they had hacked into an FBI laptop using a Java vulnerability and made away with a CSV file that contained the data. What followed was an FBI press release claiming that AntiSec’s claims are ‘totally false’ and that the laptop from which the data was stolen wasn’t hacked in the first place.
Apple, trying to save its own back, joined the UDID bandwagon and officially announced that it never handed over such information to FBI or any other organization.
This entire mess leads to a couple of questions as to how the hell did AntiSec manage to get 12 million UDIDs and what were these numbers doing at a single location in the first place?
Anonymous tweeted on September 4 just after the leak suggesting that users with their UDIDs present in the leaked list should probably compare their installed apps for any clues.
People whose UDID was on the list released by AntiSec might want to compare their installed apps. A common culprit might be found.
— AnonymousIRC (@AnonymousIRC) September 4, 2012
Users may probably be annoyed to a great extent because Apple tried to distance itself from this mess by giving a statement that didn’t give any convincing answer, instead of which it could have atleast tried to work out a possible list of apps that may have been downloaded the maximum number of times. This could have definitely pointed to probably a single app that has seen the most number of downloads.
The leak was followed by an intriguing post from a senior engineer at Crowdstrike, the company which did a detailed analysis if FinSpy, which read “with the release of the alleged UDIDs today, if those do prove to be legitimate devices, there are now over one million targets which can be targeted using the FinSpy Ad-Hoc distribution mechanism coupled with an existing or new exploit/jailbreak.”
We have already reported that FinSpy is capable of infecting almost all mobile operating systems indicating that the devices in question may have been victim of the FinSpy malware.
I believe that iDevice users do need an answer from Cupertino and a lame excuse denying their involvement in this whole matter just wouldn’t suffice. The stance adopted by FBI and Apple is not going to work in favour of the users as of now and we will have to wait and watch where this thing is heading.