Is FBI spying on Irish iPhone and iPad users?

Identification info on millions of iPhone and iPad users has been leaked to the internet, allegedly from FBI’s computers. Among them are also hundreds of Irish names.

The hacker group Anti-sec, a branch of the Anonymous movement, recently claimed it holds 12 million Apple device IDs (UDID), push notification IDs and names of iPhone and iPad users worldwide. There is supposed evidence that the data came from an FBI’s computer, though FBI have denied it. Of these 12 million, the hackers have made 1 million available to decrypt and have a look at, which we did. And to our surprise we have found a very large number of very Irish names on the list. And while most of those are likely to be American, there is also quite a noticeable presence of Irish spelled names such as Daithi, Ciaran or Ciara, Cathal, Padraig or Padraic, etc there, which Americans would be unlikely to use, combined with recognisable family names like Haggerty, Doyle, O’Byrne, Murphy, Lafferty, etc.

The information itself could theoretically be used to access iPhone and iPad apps from locations other than the owner’s device, so it depends on the sort of apps someone uses to determine what sort of damage that can cause to them. With some skill, attackers could retrieve the users’ geo-location, access their contact lists, log into their Facebook or Twitter, read their chats, etc.

But even more concerning than the potential abuse of leaked UDID’s is the fact that someone, whether that was FBI or anyone else, is collecting and storing lists of ID’s that should not be public knowledge. If Anti-sec got it from FBI or from other hackers, the fact remains, your name could be on the list, and your Apple device could be compromised without you knowing about it. And if that is the case, then there is definitely reason to be worried.

Since the leak, users worldwide have been scrambling to ascertain whether or not their devices have been compromised. In light of this, a number of sites have since popped up offering the user the ability to check their UDID against the leaked information. We strongly advise against this, as verifying just who is behind any such site and what they do with your UDID once you willingly give it to them is next to impossible.

Urban Schrott
IT Security & Cybercrime Analyst
ESET Ireland

Ciaran McHale
Tech Support Specialist
ESET Ireland

 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s