Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Publisher BlueToad says it was true source of UDID leak

Publisher BlueToad says it was true source of UDID leak
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Sep 10, 2012, 09:42 AM
An app-based publishing company, BlueToad, was the real source of the one million UDIDs leaked to the Internet last week, NBC reports. The company's CEO, Paul DeHart, says that technicians downloaded the list and compared it to an internal database, and found that the two matched up 98 percent. "That's 100 percent confidence level, it's our data," he states. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

DeHart comments that BlueToad decided to check when an outside researcher, David Schuetz, approached the company and suggested the link, pointing to multiple references to the firm in the data. During the investigation, the company's analysis suggested that the list was stolen "in the past two weeks." That could conflict with AntiSec's claim that the UDIDs were pulled from an FBI agent's notebook in March. Both Apple and the FBI have denied AntiSec's version of events, although Schuetz says he can't confirm the lack of an FBI connection. An Apple spokeswoman, Trudy Muller, has already issued a new statement. "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," she says. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer." DeHart says that BlueToad won't be contacting individuals to let them know their data was leaked; instead, the choice to share is being left up to the content publishers that represent BlueToad's client base. In the meantime people can check to see if their UDIDs were exposed through various third-party tools, such as Dazzlepod's. The CEO suggests that there isn't much threat to the leak, and simply recommends that people upgrade any apps they have, since BlueToad has stopped using UDIDs and newer versions of its apps don't collect the data. Apple itself is phasing out UDIDs; a replacement will take effect with iOS 6, and eventually developers will be banned from using the old system. Security researcher Aldo Cortesi contests DeHart's position, pointing out that UDIDs can potentially be used to gain access to online accounts and contact lists, and with some work, to discover a person's real identity.
Dedicated MacNNer
Join Date: Jul 2009
Status: Offline
Reply With Quote
Sep 10, 2012, 11:42 PM
Okay, wonderful, it wasn't Apple or the FBI.

Nevertheless, this is kind of worrisome: what this says is "in order for UDIDs not to be a security issue, every software publisher whose work you use has to avoid being hacked". That isn't terribly helpful.
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Sep 11, 2012, 12:54 AM
In other words, not a big deal.
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Privacy Policy
All times are GMT -4. The time now is 01:35 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2