Printed from http://www.macnn.com

Publisher BlueToad says it was true source of UDID leak

updated 01:41 pm EDT, Mon September 10, 2012

Points to 98 percent match with stolen data

An app-based publishing company, BlueToad, was the real source of the one million UDIDs leaked to the Internet last week, NBC reports. The company's CEO, Paul DeHart, says that technicians downloaded the list and compared it to an internal database, and found that the two matched up 98 percent. "That's 100 percent confidence level, it's our data," he states. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

DeHart comments that BlueToad decided to check when an outside researcher, David Schuetz, approached the company and suggested the link, pointing to multiple references to the firm in the data. During the investigation, the company's analysis suggested that the list was stolen "in the past two weeks." That could conflict with AntiSec's claim that the UDIDs were pulled from an FBI agent's notebook in March. Both Apple and the FBI have denied AntiSec's version of events, although Schuetz says he can't confirm the lack of an FBI connection.

An Apple spokeswoman, Trudy Muller, has already issued a new statement. "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," she says. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

DeHart says that BlueToad won't be contacting individuals to let them know their data was leaked; instead, the choice to share is being left up to the content publishers that represent BlueToad's client base. In the meantime, people can check to see if their UDIDs were exposed through various third-party tools, such as Dazzlepod's.

The CEO suggests that the leak poses little threat, and simply recommends that people upgrade any apps they have, since BlueToad has stopped using UDIDs and newer versions of its apps don't collect the data. Apple itself is phasing out UDIDs; a replacement will take effect with iOS 6, and eventually developers will be banned from using the old system. Security researcher Aldo Cortesi contests DeHart's position, pointing out that UDIDs can potentially be used to gain access to online accounts and contact lists, and with some work, to discover a person's real identity.




by MacNN Staff


Comments

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Okay, wonderful, it wasn't Apple or the FBI.

    Nevertheless, this is kind of worrisome: what this says is "in order for UDIDs not to be a security issue, every software publisher whose work you use has to avoid being hacked". That isn't terribly helpful.

  2. Steve Wilkinson

    Fresh-Faced Recruit

    Joined: 12-19-01

    In other words, not a big deal.
