How to find out if your iPhone or iPad UDID has been compromised

AntiSec hackers have released 1 million Apple unique device identification (UDID) numbers, which could give others access to iPhones, iPads, and iPod Touch devices. Here's how to determine if yours was included in the hack.

Yesterday, a hacker claiming an affiliation with AntiSec released 1 million Apple unique device identification numbers (UDIDs) from iPhones, iPads and iPod Touch devices. The Pastebin post with the data claims it was stolen from the FBI.

The breach could soon affect significantly more Apple users, as the Pastebin post claims the original file the hackers stole contained 12 million Apple UDIDs. For the purpose of the hack, the hackers decided "a million would be enough to release," the post says.

In the post, those behind the hack declare that it was carried out simply to inform Apple users of an apparent privacy invasion project currently being undertaken by the FBI.

"Well we have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that', well sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, let's be honest, that will be ephemeral too... least we tried and eventually, looking at the massive number of devices concerned, someone should care about it. Also we think it's the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx to it, but well, in this case it's too late for those concerned owners on the list. we always thought it was a really bad idea. that hardware coded IDs for devices concept should be eradicated from any device on the market in the future."

Some simple instructions emerged quickly after the hack that show users how to find out if their device was among those compromised in the attack.

First, this Innerfence post gives pretty straightforward instructions on finding and copying an individual device's UDID. By simply plugging an iOS device into a computer equipped with iTunes, then entering the Summary tab for the device in iTunes, the user will see the serial number for his or her iOS device. Clicking on the serial number will reveal the 40-character identification number.

The Innerfence post advises copying the number with the clipboard function, which can be done by highlighting the UDID number, clicking Edit in the menu bar in iTunes and selecting Copy.

In response to the attack, Florida-based Unix developer Sean Maguire has created this tool. There, any user can enter a UDID number to see if it was included in the pool of data leaked by AntiSec. When asked whether his open source tool was simply another way hackers or identity thieves can get their hands on UDIDs, Maguire said users will just have to take a leap of faith:

Someone on HN just asked if this was just another way to grab UDIDs... nope

You gotta trust someone, kimosabe!
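The trust question raised above can be reduced by design. The following is an added example, not Maguire's tool or code from the original article: a lookup in which the checking service only ever receives a short prefix of a hash of the UDID and the final comparison happens on the user's machine. The function names, the use of SHA-256, the 5-character prefix and the sample identifiers are all assumptions made for illustration.

```python
import hashlib
import re

UDID_RE = re.compile(r"[0-9a-f]{40}")  # the 40-character identifier described above
PREFIX_LEN = 5  # hex characters of the digest sent to the service (assumed value)

def normalize_udid(raw):
    """Strip whitespace and lowercase; reject anything that is not 40 hex characters."""
    udid = "".join(raw.split()).lower()
    if not UDID_RE.fullmatch(udid):
        raise ValueError("a UDID is 40 hexadecimal characters")
    return udid

def digest(udid):
    return hashlib.sha256(udid.encode("ascii")).hexdigest()

def build_index(leaked_udids):
    """Service side: bucket the digests of the leaked UDIDs by digest prefix."""
    index = {}
    for u in leaked_udids:
        d = digest(normalize_udid(u))
        index.setdefault(d[:PREFIX_LEN], set()).add(d[PREFIX_LEN:])
    return index

def query_bucket(index, prefix):
    """Service side: the only input is the short prefix, never the UDID itself."""
    return index.get(prefix, set())

def is_leaked(raw_udid, index):
    """Client side: send the prefix, then compare the digest suffix locally."""
    d = digest(normalize_udid(raw_udid))
    return d[PREFIX_LEN:] in query_bucket(index, d[:PREFIX_LEN])

# Constructed sample values, not real device identifiers.
LEAKED = ["a" * 40, "0123456789abcdef0123456789abcdef01234567"]
INDEX = build_index(LEAKED)

if __name__ == "__main__":
    # Pasted from iTunes in upper case: still matches after normalization.
    print(is_leaked("0123456789ABCDEF0123456789ABCDEF01234567", INDEX))
    # A UDID that is not in the constructed list.
    print(is_leaked("b" * 40, INDEX))
```

With this layout a service operator logging every request collects only 5-character digest prefixes, which many different UDIDs share.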


Copyright © 2012 IDG Communications, Inc.