Thursday, December 15, 2011, 08:59 pm
iPhone bug allows stolen phones to receive iMessages even after remote wipeScattered reports have emerged that stolen iPhones continue to receive iMessages intended for their original owners even after changing numbers, resetting Apple ID passwords and remote wiping the handsets.
ArsTechnica looked into the matter earlier this week after a reader reported experiencing the issue.
According to the report, a stolen iPhone 4S continued to receive the reader's wife's iMessages after the couple had deactivated the device with the carrier and remote wiped it. The contraband handset had even been resold and activated under a new number.
Apple released iMessage as part of iOS 5 in October. The service, which allows for free messaging between iOS users, has been much discussed because it poses a threat to wireless carriers' SMS revenues.
The issue does not appear to be an isolated incident, as multiple support threads (1, 2) on Apple's website have cropped up regarding the problem. Some users suggested that wiping an iPhone when the original SIM card is still in the device won't result in a clean reset, thereby allowing the iMessage feature to reactivate when the phone is restored.
Apple has yet to respond to a request for comment, but report author Jacqui Cheng did speak with iOS security expert Jonathan Zdziarski about the bug.
"I can only speculate, but I can see this being plausible," he said. "iMessage registers with the subscriber's phone number from the SIM, so let's say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple's servers with the UDID of the phone."
One user experiencing the issue claimed to have resolved it by canceling his old Apple ID completely, but the solution would be unacceptable to most customers, as it entails abandoning any iTunes and App Store purchases tied to the account.
Twitter user Kim Hunter told the publication that a representative from Apple's security unit had denied that it was a security problem, offering the relatively unhelpful solution of turning iMessage off on the offending device.
Apple has experienced minor issues with several of its new product rollouts this fall. iCloud, for instance, has been subject to intermittent outages. The company is also working on a software fix for battery life in iOS 5 after an initial fix failed to completely resolve the issue.
Most recently, the international iTunes Match launch got off to a false start on Wednesday ahead of its official release on Thursday.