Cancel your tapulous accounts now.

Discussion in 'iTunes App Store Games & Apps' started by SkylarEC, Jul 10, 2009.

  1. SkylarEC

    SkylarEC Super Moderator Emeritus Staff Member

    Joined:
    Sep 19, 2007
    Messages:
    6,642
    Likes Received:
    129
    There is a utility called UDID changer, which is useless, but whatever. UDID can be used to change the UDID on someone's phone to your UDID.

    Tapulous' complete authorization system is based on UDID. This means that if someone has your UDID and UDID changer, then they have access to your tapulous account. Tapulous stores your passwords on their server, and the only way to get to it is with the correct UDID, your UDID.

    A malicious user changes their UDID to your UDID, accesses your Twinkle account and now has access to your Twitter and Facebook, and whatever else they store.


    For the sake of safety, cancel your Tapulous accounts as soon as possible, or change your Twitter and Facebook passwords until this vulnerability is fixed.


    All it takes for someone to get your UDID is for you to give it to them, whether or not you know you are. Well, how is this possible?
    • The malicious user may just ask you, and you may give it to them.
    • The malicious user may give you screenshots for a fantastic application they are making and offer you a beta. Of course, they need your UDID for you to beta test.
    • The malicious user may be someone you know that actually has access to your device.
    • Installer applications, such as Installer and Cydia, send requests to the server with the UDID in the request. The malicious user may set up a repo to collect UDIDs.
    • Etc. There are so many ways, it's ridiculous.

    Basically, you are not safe if you have an iPhone or iPod touch and a Tapulous account; you are at risk.


    UPDATE: Tapulous are aware of the exploit, and are now working on a fix.
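
The design weakness described in the post above, as an added example that is not part of the original thread and is not Tapulous' code: a server that accepts a device identifier as the only credential, beside one that also requires a server-issued secret. The class names, the sample UDID and the stored value are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample value; a UDID is an identifier, not a secret.
VICTIM_UDID = "0000000000000000000000000000000000000001"

class UdidOnlyServer:
    """Weak design: whoever presents the UDID is treated as the account owner."""

    def __init__(self):
        self.accounts = {}  # udid -> linked third-party credentials

    def register(self, udid, linked_credentials):
        self.accounts[udid] = linked_credentials

    def fetch_credentials(self, udid):
        return self.accounts.get(udid)

class TokenServer:
    """Hardened design: the UDID only names the account; a random secret proves ownership."""

    def __init__(self):
        self.accounts = {}  # udid -> (sha256 of token, linked credentials)

    def register(self, udid, linked_credentials):
        token = secrets.token_urlsafe(32)  # issued once, kept only on the device
        digest = hashlib.sha256(token.encode()).digest()
        self.accounts[udid] = (digest, linked_credentials)
        return token

    def fetch_credentials(self, udid, token):
        record = self.accounts.get(udid)
        if record is None:
            return None
        digest, linked = record
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how much of the digest matched.
        return linked if hmac.compare_digest(digest, presented) else None

def demo():
    weak, strong = UdidOnlyServer(), TokenServer()
    weak.register(VICTIM_UDID, "twitter-login")
    owner_token = strong.register(VICTIM_UDID, "twitter-login")
    return (
        weak.fetch_credentials(VICTIM_UDID),                 # UDID alone is enough
        strong.fetch_credentials(VICTIM_UDID, "guess"),      # UDID known, secret missing
        strong.fetch_credentials(VICTIM_UDID, owner_token),  # legitimate device
    )
```
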
  2. HxC1337

    HxC1337 Banned

    Joined:
    Jul 9, 2009
    Messages:
    8
    Likes Received:
    0
    Device:
    2G iPod touch
    *goes to cancel account*
    Whoa, that's not OK. Thanks for the heads up.
  3. mitchell209

    mitchell209 Active Member

    Joined:
    Jan 21, 2009
    Messages:
    8,024
    Likes Received:
    5
    Device:
    iPhone 4 (Black)
    Oh, that doesn't sound good.

    I don't know my Tapulous account, though.

    I don't even have a Facebook, so it's all good for me, though.

    Let's hope they can fix this soon.
  4. BadKarma

    BadKarma Banned

    Joined:
    Jul 16, 2008
    Messages:
    4,037
    Likes Received:
    0
    Device:
    iPod touch
    Very true, but I wonder how you are going to get the "dim-witted" to heed this warning.
  5. mitchell209

    mitchell209 Active Member

    Joined:
    Jan 21, 2009
    Messages:
    8,024
    Likes Received:
    5
    Device:
    iPhone 4 (Black)
    We're not. We'll just laugh at them for not heeding the warning.
  6. SkylarEC

    SkylarEC Super Moderator Emeritus Staff Member

    Joined:
    Sep 19, 2007
    Messages:
    6,642
    Likes Received:
    129
    The dim-witted failing to heed the warning are those that will make Tapulous take notice and fix their system.
  7. APV

    APV Well-Known Member

    Joined:
    Jan 22, 2009
    Messages:
    3,036
    Likes Received:
    69
    Device:
    5G iPod touch
    What?

    I would think they should get right on to fixing that like now!

    Twinkle is the only Twitter app I like to use though...

    darn.
  8. SkylarEC

    SkylarEC Super Moderator Emeritus Staff Member

    Joined:
    Sep 19, 2007
    Messages:
    6,642
    Likes Received:
    129
    They won't fix it if they don't know about it. Spread the word.
  9. APV

    APV Well-Known Member

    Joined:
    Jan 22, 2009
    Messages:
    3,036
    Likes Received:
    69
    Device:
    5G iPod touch
    I shall tell them through their Twitter and Twinkle accounts!
  10. negro101

    negro101 New Member

    Joined:
    Feb 22, 2009
    Messages:
    26
    Likes Received:
    0
    Alright. How do you cancel it?