On Tuesday AntiSec claimed that they had hacked into a FBI computer and stole a database containing 12 million UDID numbers for iPhones and iPads around the world, which of course the FBI commented on as false:
“At this time there is no evidence indicating that a FBI laptop was compromised or that the FBI either sought or obtained this data.”.
And now Apple has finally release their statement for the incident, denying that they have even provided the FBI or any other organisation with UDID’s:
“The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” Which was sated by yhr Apple Spokeswoman Natalie Kerris to AllThingsD.
Chris Valasek, the Senior Security Reasearch Scientist from Coverity had this to say about the UDID leak:
“There appears to be a recent leak of Apple UDIDs. These identifiers are unique to an individual Apple device and cannot be changed. Many are concerned about having their UDIDs exposed. So exactly how worried should you be? The answer is, slightly concerned. Many times developers incorrectly use a user’s UDID to do certain types of tracking or worse, authentication . Having someone’s UDID alone does not permit an attacker to actively attack and control your phone. There may be personal privacy concerns, such as location tracking or account hijacking, but while a dump of UDIDs is not good it should not provoke panic.”
So it seems that there’s no worry of your device getting taken over by hackers at the moment, and with the introduction of iOS 6 and the ban of the use of UDIDs in any application in the next few weeks there should be no reason to panic.