John Paczkowski


Red-Faced Blue Toad Says It’s the Source of Leaked Apple UDIDs

So those 12 million unique ID numbers for iOS devices that hacker collective AntiSec claimed to have pilfered from an FBI laptop? The ones the FBI said it never had in the first place? Looks like they came from a far more innocuous source: A small U.S. publishing firm that is now offering its apologies.

Paul DeHart, CEO of BlueToad, a Florida publishing house, tells NBC that the list of one million Unique Device Identifiers (UDIDs) that AntiSec published earlier this month almost certainly came from its servers. Indeed, a comparison of the UDIDs on the AntiSec list to the UDIDs that BlueToad, a registered iOS app developer, has stored in one of its databases shows an almost 98 percent correlation between the two data sets.

“That’s 100 percent confidence level, it’s our data,” DeHart told NBC. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

So how did BlueToad come by such a vast collection of iOS device UDIDs? Well, as I noted earlier, the company is a registered app developer. And while it’s not a household name, BlueToad provides app-building services for about 6,000 different publishers, and it currently has 139 iPhone apps and 150 iPad apps available on the iTunes App Store. So it’s certainly plausible that BlueToad might have a sizable collection of UDIDs. Apple confirmed as much in a statement to AllThingsD.

“As an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type,” Apple spokeswoman Trudy Muller said. “Developers do not have access to users’ account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer.”

Muller added that Apple will soon do away with the UDID entirely, which will presumably bring an end to related security cock-ups like this one. “With iOS 6, we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” she said.

