Has anyone verified that this UDID leak isn't just the old "Goatse Security" leak re-branded? I'm not saying I have any evidence of that, but it seems strange that the "ownage" document didn't mention anything about how the hack was done.
Along those lines, has there been any talk of the attack vector? To get a list like this, it would seem that AT&T (as was the case with "Goatse Security") or Apple would need to be compromised to get this list.
During the second week of March 2012, a Dell Vostro notebook, used by
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
"NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. the personal details fields referring to people
appears many times empty leaving the whole list incompleted on many parts. no
other file on the same folder makes mention about this list or its purpose.