Looks like all the hard work paid off for local NoVA blogger David “@darthnull” Schuetz, as he discovered the source of the Apple UDID leak last week. Apparently, there’s a small Florida-based private company called BlueToad that touches a lot of what we do on our smartphones. David, who works with Intrepidus Group on mobile security, contacted BlueToad last week and they immediately began an investigation. Earlier today their CEO confirmed that the data was theirs and that the attack took place two weeks prior. You can find their full statement here; however, it’s down right now, so head over to the Google cache version. The good news is that BlueToad was in the process of migrating away from using UDIDs per Apple recommendations … unfortunately, they didn’t finish soon enough.
Here’s @darthnull being interviewed last Friday night on NBC News…
A small Florida publishing company says the million-record database of Apple gadget identifiers released last week by the hacker group Anonymous was stolen from its servers two weeks ago. The admission, delivered by the company’s CEO exclusively to NBC News, contradicts Anonymous’ claim that the hacker group stole the data from an FBI agent’s laptop in March.
Anonymous’ accusations garnered attention because they suggested that the FBI was using the unique gadget identifiers — called UDIDs — to engage in high-level spying on American citizens via their iPhones, iPads, and iPod Touch devices. The FBI denied the claim last week and, when asked to comment for this story, referred to last week’s denial.
Paul DeHart, CEO of the BlueToad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.
For more of the technical details check out these posts on the Intrepidus Group blog.
So what about the other 11 million claimed UDIDs? Do they exist? If so, are they from the same source? Let us know in the comments below. Today’s post pic is from Twitter.com. See ya!