One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release also contains the device names and APNS tokens, which are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much large trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggreived at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Getty
Show Hide image

The Tinder dating app isn't just about sex – it's about friendship, too. And sex

The lines between sex, love and friendship are blurrier than ever, as I found out quickly while using the app.

The first time I met someone using Tinder, the free dating app that requires users to swipe left for “no” and right for “yes” before enabling new “matches” to chat, it was an unqualified success. I should probably qualify that. I was newly single after five years in a committed relationship and wasn’t looking for anything more than fun, friendship and, well, who knows. A few weeks earlier I had tried to give my number to a girl in a cinema café in Brixton. I wrote it on a postcard I’d been using as a bookmark. She said she had a boyfriend, but wanted to keep the postcard. I had no date and I lost my page.

My Tinder date was a master’s student from Valencia called Anna (her name wasn’t really Anna, of course, I’m not a sociopath). When I arrived at the appointed meeting place, she told me I was far more handsome IRL (“in real life”) than my pictures suggested. I was flattered and full of praise for the directness of continental Europeans but also thought sadly to myself: “If only the same could be said about you.”

Anna and I became friends, at least for a while. The date wasn’t a success in the traditional sense of leading us into a contract based on exclusivity, an accumulating cache of resentments and a mortgage, but it had put me back in the game (an appropriate metaphor – people speak regularly of “playing” with the app).

According to Sean Rad, the co-founder who launched Tinder in late 2012, the service was invented for people like me. “It was really a way to overcome my own problems,” he told the editor of Cosmopolitan at an event in London last month. “It was weird to me, to start a conversation [with a stranger]. Once I had an introduction I was fine, but it’s that first step. It’s difficult for a lot of people.” After just one outing, I’d learned two fundamental lessons about the world of online dating: pretty much everyone has at least one decent picture of themselves, and meeting women using a so-called hook-up app is seldom straightforwardly about sex.

Although sometimes it is. My second Tinder date took place in Vienna. I met Louisa (ditto, name) outside some notable church or other one evening while visiting on holiday (Tinder tourism being, in my view, a far more compelling way to get to know a place than a cumbersome Lonely Planet guide). We drank cocktails by the Danube and rambled across the city before making the romantic decision to stay awake all night, as she had to leave early the next day to go hiking with friends. It was just like the Richard Linklater movie Before Sunrise – something I said out loud more than a few times as the Aperol Spritzes took their toll.

When we met up in London a few months later, Louisa and I decided to skip the second part of Linklater’s beautiful triptych and fast-track our relationship straight to the third, Before Midnight, which takes place 18 years after the protagonists’ first meet in Vienna, and have begun to discover that they hate each others’ guts.

Which is one of the many hazards of the swiping life: unlike with older, web-based platforms such as Match.com or OkCupid, which require a substantial written profile, Tinder users know relatively little about their prospective mates. All that’s necessary is a Facebook account and a single photograph. University, occupation, a short bio and mutual Facebook “likes” are optional (my bio is made up entirely of emojis: the pizza slice, the dancing lady, the stack of books).

Worse still, you will see people you know on Tinder – that includes colleagues, neighbours and exes – and they will see you. Far more people swipe out of boredom or curiosity than are ever likely to want to meet up, in part because swiping is so brain-corrosively addictive.

While the company is cagey about its user data, we know that Tinder has been downloaded over 100 million times and has produced upwards of 11 billion matches – though the number of people who have made contact will be far lower. It may sound like a lot but the Tinder user-base remains stuck at around the 50 million mark: a self-selecting coterie of mainly urban, reasonably affluent, generally white men and women, mostly aged between 18 and 34.

A new generation of apps – such as Hey! Vina and Skout – is seeking to capitalise on Tinder’s reputation as a portal for sleaze, a charge Sean Rad was keen to deny at the London event. Tinder is working on a new iteration, Tinder Social, for groups of friends who want to hang out with other groups on a night out, rather than dating. This makes sense for a relatively fresh business determined to keep on growing: more people are in relationships than out of them, after all.

After two years of using Tinder, off and on, last weekend I deleted the app. I had been visiting a friend in Sweden, and took it pretty badly when a Tinder date invited me to a terrible nightclub, only to take a few looks at me and bolt without even bothering to fabricate an excuse. But on the plane back to London the next day, a strange thing happened. Before takeoff, the woman sitting beside me started crying. I assumed something bad had happened but she explained that she was terrified of flying. Almost as terrified, it turned out, as I am. We wound up holding hands through a horrific patch of mid-air turbulence, exchanged anecdotes to distract ourselves and even, when we were safely in sight of the ground, a kiss.

She’s in my phone, but as a contact on Facebook rather than an avatar on a dating app. I’ll probably never see her again but who knows. People connect in strange new ways all the time. The lines between sex, love and friendship are blurrier than ever, but you can be sure that if you look closely at the lines, you’ll almost certainly notice the pixels.

Philip Maughan is Assistant Editor at the New Statesman.

This article first appeared in the 26 May 2016 issue of the New Statesman, The Brexit odd squad