ALL BLOG POSTS AND COMMENTS COPYRIGHT (C) 2003-2014 VOX DAY. ALL RIGHTS RESERVED. REPRODUCTION WITHOUT WRITTEN PERMISSION IS EXPRESSLY PROHIBITED.

Wednesday, September 05, 2012

What could go wrong?

One of the minor problems with being forced into a centralized data system is that you have to assume that the centralizer is as careful with your data as you are. Which, of course, is seldom the case:
> Apple faced a major embarrassment on the eve of the launch of its new iPhone when hackers published a trove of sensitive information about 1m Apple devices online. The hacker group AntiSec, an offshoot of the Anonymous and Lulzsec collectives which last year targeted Sony, News International and others in a high-profile wave of attacks, said it had obtained the database of Apple device-identifiers from an FBI agent’s laptop.
>
> The hackers claim this is just a sample from 12m records, which they say include the full names, street addresses and mobile phone numbers of owners of Apple's iPhones, iPads and iPod touches. Several security researchers verified the published data are genuine, but said they present little risk to the people involved as long as the other details are not released.
AntiSec should go ahead and release the whole kit and caboodle. Perhaps the fanbois will finally learn a salient lesson concerning the wisdom of trusting Apple, Facebook, Google, or any other company attempting to utilize the walled garden model.

If you're an Apple user who wants to find out if your device was compromised, The Next Web has created an online tool that lets you do so if you know your UDID.

72 Comments:

Anonymous VryeDenker September 05, 2012 5:19 AM  

It's why I refuse to install WhatsApp or merge my Windows Phone address book with my facebook friends list. It's not foolproof, but it helps.

Anonymous MadPiper September 05, 2012 5:31 AM  

And why does an FBI agent have these records in his laptop? Doing a survey of Apple product owners?

Anonymous VryeDenker September 05, 2012 5:44 AM  

"And why does an FBI agent have these records in his laptop? Doing a survey of Apple product owners?"

90% of apple users are communists, the other 10% are too.

Blogger Markku September 05, 2012 5:57 AM  

If you're an Apple user, the answer to "did you get compromised" is obviously UDID.

It just wasn't necessarily by these hackers.

Blogger mmaier2112 September 05, 2012 6:06 AM  

Silly question:

Why is the headline "Hackers embarrass APPLE" instead of "Hackers embarrass FBI"?

Anonymous VryeDenker September 05, 2012 6:11 AM  

Because Apple is currently a hot topic and the FBI is not. It's all about generating the maximum amount of drama from a story. I used to work at a (very) large media company. It's how they roll.

Anonymous Bobo September 05, 2012 7:09 AM  

Luckily most South African users use fake address data anyway to get a US iTunes account. LulzSec can get a collection of users who reside in McDonald's all over the USA. Way to go LulzSec boys.

Anonymous Bobo September 05, 2012 7:11 AM  

VryeDenker said: "90% of apple users are communists, the other 10% are too."

You say it as if McCarthy was alive. It's 2012. If you're not a Communist you're suspect. I guess the list includes people FBI need not focus on.

Blogger IM2L844 September 05, 2012 7:31 AM  

In light of this, I find it a little comforting to know that I've never directly used an Apple product intentionally.

Anonymous Holla September 05, 2012 7:32 AM  

Unless you're building your own smartphone and running it on a private ad-hoc network, you are being tracked.

This is not an Apple issue.

Anonymous JohnS September 05, 2012 7:39 AM  

@VryeDenker

ha! Good answer... (he said, casting a mistrustful glance toward his ipod touch)


Anonymous VryeDenker September 05, 2012 8:02 AM  

My wife got an iPod nano for her birthday a few years ago. She used it a few weeks and then dumped it because iTunes had to be updated constantly and we were still on ISDN back then, making it a 3-hour ordeal. I bought her a Safeway mp3 player for the equivalent of $25 and you upload songs to it the same way you would load them onto a flash drive. If you got REALLY fancy, you could use Windows Media Player to synch your music library, but that was optional.

Blogger Nate September 05, 2012 8:51 AM  

It is a huge Apple issue. You think the FBI has access to RIM's data? No. Hell RIM doesn't even have access to RIM's data.

The whole point is... Apple is sharing data with the government. THAT IS THE F'ing STORY.

Anonymous MadPiper September 05, 2012 8:58 AM  

Bingo Nate.

Anonymous The One September 05, 2012 8:58 AM  

My question is why were 1 million iPhones inside an FBI agent's laptop?

Blogger IM2L844 September 05, 2012 9:03 AM  

Unless you're building your own smartphone and running it on a private ad-hoc network, you are being tracked.

Not so much. 6 year old Basic phone. No contract. No internet. No texting. Only turned on when I need to make a call. No Facebook. Use Linux (LXDE) at home with Chromium browser (Incognito mode when uncertain). Lied to Google and almost everybody else about my personal info. They can track my disinformation all they want.

Not the perfect stealth strategy, but better than the average person's.

Blogger Nate September 05, 2012 9:19 AM  

"Unless you're building your own smartphone and running it on a private ad-hoc network, you are being tracked."

Wrong. No one has access to RIM's data. Data has even been subpoenaed and RIM still didn't provide access, because RIM demonstrated that they cannot be compelled to provide something they don't have. The data is encrypted and in order to get to it... even RIM would have to hack it.

It is an Apple, Android, Windows issue. It's certainly not a RIM issue.

But hey... just keep pretending that everything is the same. Give me a call the next time you hear about a massive RIM data leak.

Blogger Nate September 05, 2012 9:19 AM  

"Not the perfect stealth strategy, but better than the average person's."

or...

use a blackberry.

Blogger IM2L844 September 05, 2012 9:38 AM  

Have one. Screen broke. My cheap little Samsung flip phone works just fine for what I need and I don't worry about carrying it in my front pocket with my keys and other junk which was the demise of my BB.

Anonymous zen0 September 05, 2012 9:44 AM  

Could Holla be wrong again? How can this be!

Anonymous Holla September 05, 2012 9:50 AM  

Nate:

#1 - I was talking about viable platforms. And you're still being tracked via cell towers. And last time I checked, Blackberry phones were still running on the infrastructure provided by cell networks. I imagine it's short work to interpret the electrical signals moving over the air waves and turn them into speech. Since they can already tell what you're watching on television by analyzing your electric meter.

Other guy:

#2 - I said "smartphones" not "dumbphones." And you're still being tracked by cell towers, dumb or smart phone. Also, data isn't exactly a concern on ye old dumb phone.

Anonymous The other skeptic September 05, 2012 9:55 AM  

and nothing could go wrong here either

Blogger Giraffe September 05, 2012 9:57 AM  

Nate, you should go over to Res's blog. Your commentary is needed.

Anonymous harry12 September 05, 2012 10:01 AM  

I see women who code every time I dare take to the roads. (Only I call it 'texting'.)

Anonymous dh September 05, 2012 10:12 AM  

> Use Linux (LXDE) at home with Chromium brows

Go to Debian, with XFCE, and Iceweasel as the browser. If you have a few extra hours you can verify MD5 sums, enable whole-drive encryption, and compile from source. Even if you run a crappy OS (like Windows or MacOS), simple virtualization will allow you to secure a second OS running within the insecure OS.

Anonymous George September 05, 2012 10:26 AM  

Bad news for Apple and Apple users.

But unless my SS, bank or medical records are compromised, I'll worry about many things of much more import.

This post strikes me as a continuation of VD's series of "I hate Apple" posts that tend to be boring filled with a good deal of envy of some sort.

In any case, it's hard to deny that among contemporary companies, Apple leads the way in terms of industry disruption and product design.

Blogger Nate September 05, 2012 10:30 AM  

"#1 - I was talking about viable platforms."

There are 91 million BlackBerry users worldwide... and that number is not shrinking. It's growing by millions every year. As usual... you have no idea what you're talking about.

"And you're still being tracked via cell towers."

No. You're not. You could be... but there is simply too much data to be paying attention to everyone all the time... and cell phone towers only get you within 1000 meters unless you can triangulate.

Try again.

Contrast all of this with Apple... which literally knows exactly where you are at all times... and now has been demonstrated to share that data with law enforcement.

Blogger Nate September 05, 2012 10:31 AM  

"But unless my SS, bank or medical records are compromised"

Everything George. Including your credit card information... IF you have one of the 21 million devices affected.

Anonymous Holla September 05, 2012 10:36 AM  

Nate:

I appreciate your RIM fanboism but the old b-berry is going bankrupt.

Maybe they'll get sold off and scavenged by Apple some day.

As for being tracked:

http://rt.com/usa/news/nsa-whistleblower-binney-drake-978/

You dumb hick!

Anonymous prateorian September 05, 2012 10:43 AM  

"Apple is sharing data with the government."

That's the huge story? Cute. As if the govt. can't flip on the camera and speaker on your droid or feature phone? I've got additional bad news: the ISP's are giving everything to the govt. as we type, and it doesn't matter what kind of device you've got.

Blogger Doom September 05, 2012 10:48 AM  

dh,

I've been contemplating escaping MS Win (whatever). I've been thinking about PC BSD. It seems Debian's equivalent would be Ubuntu? Why Debian versus the more complex versions of BSD? Why the simpler? Really bad heart makes my runtimes often rather poor and complexity of tasks, learning curves, and such, need to be a little... less. Not that it would kill me, just that... I might never quite be in top form to do what it takes to install, set up, learn, etc. Any tips or hints would be good. Oh, I'm a gamer, part of the reason PC BSD looks good, works with (some? many?) otherwise Windows games.

As for the rest? Escaping Google? Well, blogging? Not much choice. I do avoid their browser and search engine, checking for the least info gobbing I can find. The others? Apple provides the only decent waterproof mp3 if I can figure out how to get back to swimming. At least I don't have a FB page, never did, don't want one. Nor do I tweet if that means much? Bah. Too complex, but I'm looking at getting out of what I can. Every time I jump out of the pan though...

Anonymous George September 05, 2012 11:01 AM  

Nate said:
"Everything George. Including your credit card information... IF you have one of the 21 million devices affected."

With regard to this hacking, it's 12 million devices, 1 million have been leaked, and there is no indication it includes any CC info.

On another note, the FBI is denying it is the source of the data and some folks are pointing at developer partners as the source.

Who knows!

All I know is that this story is of importance to those that like bashing Apple and to the truly paranoid among us.

Blogger Nate September 05, 2012 11:13 AM  

"I appreciate your RIM fanboism but the old b-berry is going bankrupt."

That's me... a RIM Fanboy... who uses Android. ***insert eyeroll here***

Holla.. I am a fan of accuracy. And the claim that RIM is going bankrupt is utterly stupid and inaccurate. RIM is spending tons of money building a new product. That is not the same as going bankrupt. Yes... if that new product fails... then they'll be in trouble. Just like Apple would be in trouble if the iphone 5 failed.

Blogger James Dixon September 05, 2012 11:28 AM  

> ...and now has been demonstrated to share that data with law enforcement.

Even without a warrant.

> As if the govt. can't flip on the camera and speaker on your droid or feature phone?

CyanogenMod. You might want to look into it.

> It seems Debian's equivalent would be Ubuntu?

Don't go with Ubuntu. They seem to have largely abandoned the desktop in favor of mobile devices. Try Linux Mint instead.

Anonymous George September 05, 2012 11:34 AM  

Nate said:

"Just like Apple would be in trouble if the iphone 5 failed."

Pretty tiny odds of that. Now...the new blackberry. RIMM stock has moved from $145 to $6 in 4 years. Probably an indication of the verdict consumers have offered concerning the Apple iPhone v. the Blackberry.

Anonymous Holla September 05, 2012 11:34 AM  

Nate:

You don't have to use a product to be a fanboy.

Spending lots of money on a last-ditch attempt to save a dying brand is not mutually exclusive to "going bankrupt." In fact, it's most likely the final nail in their coffin.

Obviously, people who care about having their digital exchanges kept private, like corporations, will demand something as secure as b-berry.

However, between a generation who has been raised to think it's OK to tweet their teets and the idiotic info-sharing circle jerkers known as Silicon Valley, privacy just isn't sexy enough to sustain a massive brand like RIM.

They'll either have to cut themselves down to boutique level (become the Rolls Royce of tech) or have their skeleton cleaned by the big boys.

Anonymous Poli_Mis September 05, 2012 11:41 AM  

Holla, stop using simple heuristics for arguments. They are too easy to pick apart.

1. 'RIM is going bankrupt.' Congrats. You have shown that you can read and comprehend Fast Company articles. There is no doubt that they are in deep doo doo; if they don't score with a Hail Mary attempt at a new product they are finished. Completely. But let's not declare the company deceased just yet. And I have no love for those Canucks incapable of learning lessons regarding User Experience (UX).

2. 'You're being tracked regardless.' Nice how this is easy to say because everybody believes it until you point out the triangulation thing and how it was a pretty well known meme last year about just how damn good Apple is at knowing and even predicting your location based on the historical data they keep. <-- That is most definitely an Apple thing and not a cell phone thing.

And I say this as somewhat of an Apple fanboi ... using the products and designing applications for use on said devices gives me the comfortable top 2% income I enjoy today.

But this story should have some people in jail or at least answering tough questions under oath and with television cameras ... at the very least.

Blogger Michael September 05, 2012 11:41 AM  

George said:
"Probably an indication of the verdict consumers have offered concerning the Apple iPhone v. the Blackberry."

Your final sentence there would seem to indicate a lack of awareness that Android has a far larger share of the smartphone market than either Apple or RIM.

Anonymous Poli_Mis September 05, 2012 11:48 AM  

I have always wondered what the percentage of commenters here are actively working in the tech industry today.

Must be high indeed considering Vox's game development and the sheer number of Gen X here that are the largest segment of working tech professionals.

Has there ever been an informal survey? I cannot recall.

Blogger Nate September 05, 2012 11:52 AM  

"Probably an indication of the verdict consumers have offered concerning the Apple iPhone v. the Blackberry."

There is no question that consumers prefer the iphone. After all... MPAI.

Blogger Nate September 05, 2012 11:52 AM  

Consider your company George. You and Holla make quite a pair.

Blogger Michael September 05, 2012 11:54 AM  

Poli_Mis said: "I have always wondered what the percentage of commenters here are actively working in the tech industry today. Must be high indeed considering Vox's game development and the sheer number of Gen X here "

Ok I'll start. I've been in the I/T industry all my adult life. But I'm one of those hated me-me-me Boomer types instead of the more-more-free-stuff-forever enlightened Gen Xers or Millennials.

Blogger Nate September 05, 2012 11:54 AM  

"Obviously, people who care about having their digital exchanges kept private, like corporations, will demand something as secure as b-berry."

Which Apple and Google are incapable of providing. Thank you for proving that there will always be a market for RIM. We're done here.

Blogger Nate September 05, 2012 11:55 AM  

"I have always wondered what the percentage of commenters here are actively working in the tech industry today."

You'd have to define "tech". At one point or another... almost everyone has worked for some company that could be defined as a "tech" company.

Blogger swiftfoxmark2 September 05, 2012 12:02 PM  

I really don't see what the big deal is. If you buy any of these products, you have basically forfeited your right to privacy.

I say we just overload their databases with information and make them all crash. Friend as many people as you can, tweet, share, and blog about as many insignificant events in your life as you can. It won't take long to overload that government database in Utah. I am almost certain that the damn thing was coded by a bunch of incompetent Indian/East Asian software developers, so I doubt it would take much.

As for Apple, what else can you expect from a company that was founded by a LSD addicted hippie?

Anonymous Holla September 05, 2012 12:05 PM  

Nate:

You were done before you started.

Fetal alcohol syndrome would be my first guess.

Crackberry baby my second.

The fact that a market exists for something doesn't mean that it won't be filled by a company not run by Canadians. - Marshall McLuhan


Anonymous Poli_Mis September 05, 2012 12:07 PM  

Nate, fair enough. The company I work for is wall-to-wall Java and Web developers. I think my company counts.

I would say for the sake of inclusion, one here must work on a team(s) that ship something that can be classified as software, or some kind of hardware. And I leave it to the rest if we want to include others not on the tip of the spear of design or development -- analysts, project managers, tech writers, marketing managers and other such individuals.

If my definition is too narrow, feel free to make it extensible ...

Anonymous Holla September 05, 2012 12:07 PM  

Oh, and you're going to be diapering your hydroencephalitis babies with your RIM stock before Q2 next year.

Anonymous Poli_Mis September 05, 2012 12:08 PM  

@swiftfoxmark2

Let's not forget his being of Syrian descent as long as you're reaching back.

Anonymous BW1 September 05, 2012 12:19 PM  

"The whole point is... Apple is sharing data with the government. THAT IS THE F'ing STORY."

Or rather, that the FBI is seeking, collecting, and storing said data. Apple isn't bound by the fourth amendment; the FBI is.

J. Edgar lives.

Blogger R. Bradley Andrews September 05, 2012 12:24 PM  

People should pay attention to not enter their entire UDID when checking, per the tutorial a few links in. That would not be good to expose to someone who happens to be listening to your traffic.

Blogger Nate September 05, 2012 12:28 PM  

"I would say for the sake of inclusion, one here must work on a team(s) that ship something that can be classified as software, or some kind of hardware"

The whole IT support industry just called. They said they kinda think they are tech companies too.

Anonymous Poli_Mis September 05, 2012 12:30 PM  

Reading a script is not keys to the kingdom. Sorry tech support.

And the morons handing the data over to the federales don't count either.

Anonymous stg58 September 05, 2012 12:38 PM  

I work in oil&gas sales. All applied chemistry/electromechanical analysis equipment for process and laboratory applications.

Anonymous Holla September 05, 2012 12:40 PM  

http://nplusonemag.com/leave-your-cellphone-at-home

Anonymous toothy September 05, 2012 12:44 PM  

Industrial controls.

Anonymous George September 05, 2012 12:45 PM  

"Your final sentence there would seem to indicate a lack of awareness that Android has a far larger share of the smartphone market than either Apple or RIM."

This is not the right way to appreciate what Apple has done. When you look at top sales in the U.S. of smartphones by manufacturer, iPhones hold the top 3 spots. And with the recent judgement against Samsung, well, that's even better news for Apple.

Anonymous WaterBoy September 05, 2012 12:59 PM  

Holla: "Unless you're building your own smartphone and running it on a private ad-hoc network, you are being tracked."

And then there's also the possibility of being tracked even when you don't carry a phone:

"The information — which potentially gives investigators a view into where people travel and how they spend their time — is characterized in internal police documents as a “massive intelligence database.”

Privacy advocates complain the databanks fail to exclude law-abiding drivers, who they say are likely unaware of the scope of monitoring.

“You’re talking about a record of movements over time of hundreds of thousands of innocent persons,” said Mark Silverstein, legal director of Colorado’s branch of the ACLU, which is mounting a nationwide effort to learn more about how license plate data is used. “It certainly is extremely powerful technology.”"

Blogger James Dixon September 05, 2012 1:00 PM  

> I would say for the sake of inclusion, one here must work on a team(s) that ship something that can be classified as software, or some kind of hardware.

You are aware that most companies of more than a few hundred employees have an IT department, aren't you? Not to mention government agencies.

Blogger James Dixon September 05, 2012 1:04 PM  

Possibly. But then there are a lot more manufacturers making Android phones, fragmenting that market. Android is still dominating the market: "There were four Android phones for every iPhone shipped in the second quarter, research firm IDC said Wednesday."

Here's the relevant article: http://www.huffingtonpost.com/2012/08/08/android-marketshare-iphone_n_1756180.html

Anonymous rycamor September 05, 2012 1:12 PM  

Nate September 05, 2012 11:13 AM
RIM is spending tons of money building a new product. That is not the same as going bankrupt. Yes... if that new product fails... then they'll be in trouble. Just like Apple would be in trouble if the iphone 5 failed.


It is looking like a sweet piece of hardware. Of course, they had Nate at "the color gun-metal".

Blogger Michael September 05, 2012 1:23 PM  

George: "This is not the right way to appreciate what Apple has done. When you look at top sales in the U.S. of smartphones by manufacturer, iPhones hold the top 3 spots."

But your point was that "... an indication of the verdict consumers have offered concerning the Apple iPhone v. the Blackberry." Which (in typical fanboy style) conveniently ignored the far more relevant fact that 3x or 4x as many are choosing Android v. Blackberry.

"And with the recent judgement against Samsung, well, that's even better news for Apple."

Perhaps, but it certainly isn't good news for consumers that prefer a non-government-manipulated choice. And I suspect whatever benefit Apple gets from it will be short-lived as the manufacturers work around the ruling and (eventually) the absurdity of it causes a rework of the patent laws. Besides, the appeals haven't been heard yet and Samsung has plenty of fodder to get the ruling overturned.

Anonymous Noah B. September 05, 2012 1:26 PM  

Nate, since guns are never off topic -- what are your favorite electro-optic rifle sights, and why? (Or are you old school and don't trust anything that requires batteries?)

Anonymous Gen. Kong September 05, 2012 1:30 PM  

Nate:
The whole point is... Apple is sharing data with the government. THAT IS THE F'ing STORY.

Not only Apple, but Google, Facebook, Yahoo and most if not all of the few others.

Anonymous Noah B. September 05, 2012 1:45 PM  

"The whole point is... Apple is sharing data with the government. THAT IS THE F'ing STORY."

I was going to make the same point, and I missed that. If Apple is doing it, probably so is every other major hardware and software manufacturer. It's likely that the government has a massive database of hardware MAC addresses, IMEI numbers, CPUIDs, etc.

Anonymous Poli_Mis September 05, 2012 1:57 PM  

"The whole point is... Apple is sharing data with the government. THAT IS THE F'ing STORY."

Let's not forget how the CEO of AT&T gave the gubmint anything they asked for and he was rewarded with putting Government Motors back on track. Whitacre or something like that. He even appeared in the lie-infested television ad saying that they were healthy and that the bailout was nearly paid back to the taxpayers.

Blogger Michael September 05, 2012 4:50 PM  

Well, both Apple and FBI deny it...

"Summary: Both the FBI and now Apple have come forward to state that they had no involvement in the ongoing 'UDID-gate,' which led to more than 1 million iOS device codes leaking to the Web."
http://www.zdnet.com/apple-we-didnt-pass-iphone-ipad-device-ids-to-fbi-7000003786/?s_cid=e550

Let's see ... which is usually the bigger liar ... giant self-serving corporation or giant totalitarian government agency ... think, think, think ... ooh, this is really a hard one ... wonder if even a super-intelligence could figure this one out ... for me I'll take some migraine medicine and ponder it later.

Anonymous WaterBoy September 05, 2012 4:55 PM  

...and bringing up the rear, we have Windows Phone 8.

Can't wait.

Anonymous Noah B. September 05, 2012 5:16 PM  

"Well, both Apple and FBI deny it..."

The FBI is made up of professional liars, so my guess is that they're lying. Notice that the FBI isn't saying "we don't collect that kind of information." They're just saying there's no "evidence" it came from them, like whoever hacked them didn't leave a thank you note with their name, address, and social security number on it.

And it is possible that Apple didn't give this information to the FBI and that the FBI and/or NSA actually do a little work to match UDID's/IMEI#s to people.

Anonymous Redlegben September 05, 2012 6:40 PM  

which they say include the full names, street addresses and mobile phone numbers of owners of Apple's iPhones, iPads and iPod touches.

Isn't that what phone books used to be?

Anonymous DrTorch September 05, 2012 7:20 PM  

Such a long thread, but VD, if you see this, I think you'll really want to read this study release:

http://newsroom.unl.edu/blog/?p=1280

National survey of economists finds vast gender gap in policy views Is there a “gender gap” in the views of professional economists? A new national study finds that while most economists agree on core economic concepts, values and methods, they differ along gender lines in their views on important economic policy.

Anonymous WaterBoy September 10, 2012 4:30 PM  

New update to old news: FBI was not the source of the breach.

Now the question is...did AntiSec lie about whose system they broke into, or were they really clueless about it?
