Not my iPhone. Anything but my iPhone.

I love my iPhone.  Honestly, it’s like the part of my hand that has been missing all this time.  I could spend hours singing the praises of the iPhone and the many ways that it has both simplified and complicated my life.  I never knew that I needed a phone to watch movies, chart my sleep cycle, or send postcards.  But now, every one of its functions seems absolutely necessary. 

Among the many well-sung advantages of the iPhone was the assumption that it was secure.  Well, that particular advantage may be coming to an end.  Last week AntiSec, a hacker associated with Anonymous, leaked 1 million Apple unique device identifiers (UDID) for iPhones, iPads and iPod Touches. 

Photo from Raincoaster

They claimed to also have personal information such as user names, device names, notification tokens, cell phone numbers and addresses, though they did not leak this information.  AntiSec claimed that they obtained this data by hacking the FBI, and that by leaking the UDID’s they were shining a light on the FBI’s surveillance of Americans.  The FBI responded:

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Well, the FBI appears to be telling the truth.  NBC is reporting that the data was actually stolen from Blue Toad, a Florida company that develops digital subscription technology.  Paul DeHart, CEO of Blue Toad, told NBC that technicians compared the Anonymous dataset to their own database and found a 98% correlation.

"That's 100 percent confidence level, it's our data," DeHart said. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”
DeHart claims that fewer than 2 million UDID’s were actually stolen (far fewer than the 12 million AntiSec claims to have) and that the security hole has been plugged.  The company also immediately contacted both Apple and the FBI.

The dust is still settling on this and we may yet see AntiSec or Anonymous respond.  We know they love to embarrass the FBI, and if there is still any potential for that to happen  I’m sure they will seize it. In the meantime, what does this mean for us iPhone users?  You can check to see if your UDID was one that was leaked.  First, if you don’t know your UDID, visit http://whatsmyudid.com/ for instructions on how to find out.  There are also apps that will tell you your UDID.  Once you have your UDID, you can use one of the tools that are allowing people to check if their UDID was leaked. Should I Change my Password and Dazzlepod both seem like good options.  Remember though, just because yours was not leaked does not mean it hasn’t been compromised.  Anonymous only released some (1/2 or 1/12 depending on who you believe) of the UDIDs to which it has access.

-Nicole P