
Another theory on the “FBI” UDID leak - llambda
http://www.marco.org/2012/09/06/udid-theory
======
bri3d
How does he know that Glitter Draw Free was the culprit?

It's well known that APNS tokens are _not_ unique on a per-app basis, even
though the documentation says they might be. [0]

The theory that the leak didn't originate with the FBI is totally plausible,
but I don't understand the connection with Glitter Draw Free, and I suspect
the email's author doesn't realize that APNS tokens are not unique.

0: http://stackoverflow.com/questions/2338267/is-the-apn-device-token-unique-to-each-individual-app

~~~
Rudism
The fact that they had the details about the app pushing data through
apns.spankapps.com means they probably sniffed the traffic when launching each
of the apps on his phone, and saw that the device token that app was sending
up was the same as the one from the leaked data. Pure conjecture, but
definitely plausible.

~~~
bri3d
Sure, but he _can't_ know that that particular app was the culprit with only
that information because _every_ app which has ever been installed on his
device (barring a complete re-installation without restoration from backup)
will send the exact same token.

The only way to blame one particular app would be if that app were the only
app ever installed on a device whose identifier appears in the leak.

~~~
Rudism
Ahh, you're right! I was under the impression that push tokens were unique per
app, but I guess it's per-device.

------
runjake
I get a kick out of the fact that pundits like Arment and Gruber will flip
their lids any time Apple is faulted but they'll willfully call out other
companies without solid evidence. But it makes sense, given Apple punditry is
their source of income, I guess.

Not that I see anything wrong with this post. It's progress towards finding
the cause. But it gave me a chuckle.

~~~
rsynnott
Arment was quite quick to call out Apple over the broken app signing problem a
month or so ago, even when other people were wondering whether it was
router-induced corruption. He's also been complaining about the
sandboxed-app-only requirement for the Mac App Store for ages.

~~~
angryasian
I imagine this is more due to the fact that it effects his product and income

~~~
Johngibb
*affects not effects

------
webreac
Now all the baby hackers will know that there may be a hole at spankapps.com
that allows one to get 12 million UDIDs. It is a follow-up to the Stripe CTF.

------
AngrySkillzz
Interesting idea. Though the FBI's denial doesn't mean much, as it's exactly
what they'd do in this situation whether they had obtained the data or not.

Supposedly the guy whose laptop the data was hacked from was a DefCon
attendee, so I guess it is possible that he cracked some database and got the
data himself, unrelated to any FBI operation. But, of course, that's precisely
what the FBI might want us to think if this data was widely distributed and
they probably shouldn't have had it in the first place. It also doesn't
explain the connection to NCFTA.

And of course it's possible the AntiSec hackers obtained it completely on
their own and tried to connect it to the FBI afterwards.

~~~
jff
"We haxxed the FBI and look how naughty they were" sounds a lot better than
"We haxxed an app company and found things they'd be expected to have"

------
koide
The footnote theory that I quote below doesn't sound that far fetched to me,
especially after knowing about Stuxnet. I don't know if the FBI is involved,
but the theory is not that wacky for an FBI hack.

      For instance, I can’t figure out how and why the FBI would
      have collected APNS tokens. What are they going to
      do, steal the SpankApps SSL certificates somehow
      and send a fake push notification from Glitter Draw
      Free to a terrorist’s phone?

~~~
nateabele
Agreed, but I think it would be a mistake to assume that this necessarily has
anything to do with 'terrism'. Let's not forget, these are the same people who
brought you Carnivore.

~~~
tptacek
"From the organization that brought you court-ordered installation of a basic
Ethernet sniffer comes APNS-enabled MITM'ing of individual iOS applications"?

That doesn't follow. I don't like the FBI installing sniffers at ISPs either,
but "Carnivore" is just a dumb name for a technique you had to have assumed
the FBI already had (what, they can tap phones but we thought email was off
limits?).

------
ghost91
Yeah, FBI nice try

~~~
jpdoctor
Seriously: Does anyone expect the FBI to say "Yeah, we're busted. That was our
laptop, we've been working with company XXX on collecting UDIDs, and we would
have gotten away with it if it hadn't been for those meddling kids."

------
at-fates-hands
This whole thing smells from the top down. You have a hacker group whose
primary modus operandi is all about "DOXING" people for the lulz.

So they hack into an FBI laptop and all they do is release 1 million Apple
UDIDs?? Hmmmmmmmm, makes you wonder.

Out of all the theories out there, this seems to be the most plausible once
you think the FBI has nothing to do with it.

