Earlier this week, notorious hacking group Anonymous announced that it had more than 12 million Apple UDID identifier codes in its possession, and to prove it, released 1,000,001 of them out into the world.
In reality, it wasn’t the fact Anonymous had the UDIDs that made the story so fascinating, but rather where they came from and how it claimed to have got them; as who doesn’t love an intrigue-filled tale of eavesdropping, phishing, hacking and the FBI?
The day after the leak, and amidst considerable press attention, the FBI made several statements, with only subtle variations between them. Ultimately though, they denied that one of its laptops containing personal information had been hacked. In fact, it was so adamant that it never happened, it took to Twitter and called the allegation “TOTALLY FALSE.” Yep, in caps, to show how seriously they were treating the leak.
Hardly a surprise, as it was unlikely the FBI would hold its hands up and admit it had been careless.
But what about Apple? It had remained quiet until it provided a statement to AllThingsD.com yesterday, where to no-one’s surprise at all, it also denied any knowledge of the missing UDIDs. The statement read “The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.”
The end of the UDID
Shocking stuff, but what came next was far more interesting. It continued to say “Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of the UDID.”
This, combined with Apple’s reluctance to approve apps that use the UDID code to track devices, should minimize the threat posed by this leak, although without other pertinent information, that threat was minimal anyway.
But the crux of the story, who had these UDIDs and why, remains a mystery. Right now, taking Apple and the FBI at their word, the UDIDs didn’t come from them. If you side with Anonymous though, then you’d know this is exactly what they would say, regardless of the truth.
There’s also the possibility that the UDIDs came from either a careless, or more worryingly a willing, developer. But would many developers have 12 million UDIDs? Possibly not, but then we have only seen a million of them.
So, will the truth ever come out? Now that Gawker’s Adrian Chen has bowed to Anonymous’ bizarre request to be featured on the site wearing a tutu and a shoe on his head, perhaps more information and a new leak will come soon.