Printed from http://www.macnn.com

Publisher BlueToad says it was true source of UDID leak

updated 01:41 pm EDT, Mon September 10, 2012

Points to 98 percent match with stolen data

An app-based publishing company, BlueToad, was the real source of the one million UDIDs leaked to the Internet last week, NBC reports. The company's CEO, Paul DeHart, says that technicians downloaded the list and compared it to an internal database, and found that the two matched up 98 percent. "That's 100 percent confidence level, it's our data," he states. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

DeHart comments that BlueToad decided to check when an outside researcher, David Schuetz, approached the company and suggested the link, pointing to multiple references to the firm in the data. During the investigation, the company's analysis suggested that the list was stolen "in the past two weeks." That could conflict with AntiSec's claim that the UDIDs were pulled from an FBI agent's notebook in March. Both Apple and the FBI have denied AntiSec's version of events, although Schuetz says he can't confirm the lack of an FBI connection.

An Apple spokeswoman, Trudy Muller, has already issued a new statement. "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," she says. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

DeHart says that BlueToad won't be contacting individuals to let them know their data was leaked; instead, the choice to share is being left up to the content publishers that represent BlueToad's client base. In the meantime, people can check whether their UDIDs were exposed using various third-party tools, such as Dazzlepod's.

The CEO suggests that the leak poses little threat, and simply recommends that people upgrade any apps they have, since BlueToad has stopped using UDIDs and newer versions of its apps don't collect the data. Apple itself is phasing out UDIDs; a replacement will take effect with iOS 6, and eventually developers will be banned from using the old system. Security researcher Aldo Cortesi contests DeHart's position, pointing out that UDIDs can potentially be used to gain access to online accounts and contact lists, and with some work, to discover a person's real identity.




by MacNN Staff


Comments

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Okay, wonderful, it wasn't Apple or the FBI.

    Nevertheless, this is kind of worrisome: what this says is "in order for UDIDs not to be a security issue, every software publisher whose work you use has to avoid being hacked". That isn't terribly helpful.

  2. Steve Wilkinson

    Fresh-Faced Recruit

    Joined: 12-19-01

    In other words, not a big deal.
