One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release also contains the device names and APNS tokens, which are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much large trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggreived at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Photo: Getty
Show Hide image

Move objects with your mind – telekinesis is coming to a human brain near you

If a user puts on the Neurable headset, they can move virtual objects with their thoughts. 

On 30 July, a blog post on Medium by Michael Thompson, the vice-president of Boston-based start-up Neurable, said his company had perfected a kind of technology which would be “redrawing the boundaries of human experience”. 

Neurable had just fulfilled the pipe dreams of science fiction enthusiasts and video game fanboys, according to Thompson – it had created a telekinetic EEG strap. In plain English, if a user puts on the Neurable headset, and plays a specially-designed virtual reality video game, they can move virtual objects with their thoughts. 

Madrid-based gaming company eStudioFuture collaborated with Neurable to create the game, Awakening. In it, the user breaks out of a government lab, battles robots and interacts with objects around them, all hands-free with Neurable's headset. Awakening debuted at SIGGRAPH, a computer graphics conference in Boston, where it was well received by consumers and investors alike.

The strap (or peripheral, as it’s referred to) works by modifying the industry standard headset of oversized goggles. Neurable's addition has a comb-like structure that reaches past your hair to make contact with the scalp, then detects brain activity via electroencephalogram (EEG) sensors. These detect specific kinds of neural signals. Thanks to a combination of machine-learning software and eye-tracking technology, all the user of the headset has to do is think the word “grab”, and that object will move – for example, throwing a box at the robot trying to stop you from breaking out of a government lab. 

The current conversation around virtual reality, and technologies like it, lurches between optimism and cynicism. Critics have highlighted the narrow range of uses that the current technology is aimed at (think fun facial filters on Snapchat). But after the debut of virtual reality headsets Oculus Rift and HTC Vive at 2016’s Game Developers conference, entrepreneurs are increasingly taking notice of virtual reality's potential to make everyday life more convenient.

Tech giants such as Microsoft, Facebook and Google have all been in on the game since as far back as 2014, when Facebook bought Oculus (of Oculus Rift). Then, in 2016, Nintendo and Niantic (an off-shoot from Google) launched Pokémon Go. One of Microsoft’s leading technical fellows, Alex Kipman, told Polygon that distinctions between virtual reality, augmented reality and mixed reality were arbitrary: "At the end of the day, it’s all on a continuum." 

Oculus’s Jason Rubin has emphasised the potential that VR has to make human life that much more interesting or efficient. Say that you're undergoing a home renovation – potentially, with VR technology, you could pop on your headset and see a hologram of your living room. You could move your virtual furniture around with minimal effort, and then do exactly the same in reality – in half the time and effort. IKEA already offers a similar service in store – imagine being able to do it yourself.

Any kind of experience that is in part virtual reality – from video games to online tours of holiday destinations to interactive displays at museums – will become much more immersive.

Microsoft’s Hololens is already being trialled at University College London Hospital, where students can study detailed holograms of organs, and patients can get an in-depth look at their insides projected in front of them (Hololens won’t be commercially available for a while.) Neurable's ambitions go beyond video games – its headset was designed by neuroscientists who had spent years working in neurotechnology. It offers the potential for important scientific and technological breakthroughs in areas such as prosthetic limbs. 

Whether it was a childhood obsession with Star Wars or out of sheer laziness, as a society, we remain fascinated by the thought of being able to move objects with our minds. But in actual realityVR and similar technologies bring with them a set of prickly questions.

Will students at well-funded schools be able to get a more in-depth look at topography in a geography lesson through VR headsets than their counterparts elsewhere? Would companies be able to maintain a grip on what people do in virtual reality, or would people eventually start to make their own (there are already plenty of DIY tutorials on the internet)? Will governments be able to regulate and monitor the use of insidious technology like augmented reality or mixed reality, and make sure that it doesn't become potentially harmful to minors or infringe on privacy rights? 

Worldwide spending on items such as virtual reality headsets and games is forecast to double every year until 2021, according to recent figures. Industry experts and innovators tend to agree that it remains extremely unlikely you’ll walk into someone examining a hologram on the street. All the same, VR technology like Neurable’s is slowly creeping into the fabric of our lived environment.