Red Toad, Blue Toad, Hacked Toad?

L. Rizkallah, Nick Potter, Kyle Reed, Dylan Reynolds, Mohammed Salman, S. Bhunia

2022 IEEE World AI IoT Congress (AIIoT), published 2022-06-06

DOI: 10.1109/aiiot54504.2022.9817361 (https://doi.org/10.1109/aiiot54504.2022.9817361)

Towards the end of 2012, AntiSec, a small labeled sub-group of anonymous hacktivists, announced that it had leaked one million UDIDs of Apple users. AntiSec claimed the data were taken from a laptop that belonged to an agent who works for the authorities. However, it was later found that the actual source of the leak was a small digital publishing company called BlueToad. In this paper, we investigate the motivation and methods of AntiSec by analyzing the data. There are many inconsistencies surrounding how the leak happened. As far as we know, there has never been a confirmed statement on how the data were accessed, but there are multiple theories. This paper examines the three main claims behind the data leak. We found that AntiSec was able to exploit the system through the vulnerability CVE-2012-0507. AntiSec could have used the UDIDs to track and collect Apple users' private data; instead, they published the data and blamed the authorities for data collection. We analyzed the ramifications of AntiSec's decision. While BlueToad never explicitly announced how it remedied the vulnerability, we provide the defense solutions it should have taken. We offer general tips for users to protect themselves from future attacks. We also detail some alternatives to using the UDID and which implementation Apple chose for its UDID replacement.