iMessage Bug Lets Thieves Keep Texting From a Stolen iPhone

By , Dec 17, 2011

One of the benefits of iCloud is Find My iPhone, a service that lets you locate and remote wipe a handset if it is stolen or misplaced. While remote wiping an iPhone on iOS 5 cleans the device of your personal information, a bug in iMessage has been discovered that lets a thief continue to send messages from someone’s iMessage account.

Ars Technica has uncovered the bug, and the scariest part is that permanently deleting your Apple ID is the only way to circumvent the issue until it is addressed by Apple.

Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and whose wife’s iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password—“we picked up a new iPhone the next day, figuring that our insurance would end up paying for it,” Hovis told Ars.

For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis’ iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis—even though the stolen phone had apparently now been activated under a new number.

The same problem has been reported several times on the MacRumors forums, with iMessage somehow continuing to function even after the iPhone’s SIM card was replaced. Security expert Zdziarski offered Ars a theory for why iMessage behaves this way:

“I can only speculate, but I can see this being plausible,” Zdziarski told Ars. “iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.”

iMessage uses VoIP (Voice-Over-Internet Protocol) to send messages between iOS 5 devices, while the carriers are used to send normal SMS and MMS messages in all other cases. While iMessage typically works as a perfect replacement for SMS/MMS between iPhones and iPads, it seems that the service sticks to an iPhone’s number a little too closely. One should be able to cut ties with a lost/stolen iPhone completely by using Find My iPhone.

The only known workaround for this bug seems to be deleting the associated Apple ID entirely, which also means losing access to all iTunes content purchased under that ID. If you buy things from iTunes and the App Store regularly, deleting your Apple ID isn’t something that’s easy to do.
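The failure mode described above, a device registration that outlives both a remote wipe and a password change, is easiest to see in a small model. The following Python is an added example written for this page; it is not Apple’s code and makes no claim about how iMessage is actually implemented. It assumes a hypothetical server-side registry that binds a device identifier (standing in for the UDID Zdziarski mentions) to an account and the phone number read from the SIM, and it contrasts the cached behaviour the article describes with the usual fix: invalidating every earlier registration whenever the account’s password changes or the device is wiped. All account names, device identifiers and phone numbers are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class Registration:
    """A device's right to send as an account, as recorded server-side."""
    device_id: str       # stands in for the device UDID (hypothetical model)
    account: str         # stands in for the Apple ID
    phone_number: str    # number read from the SIM at registration time
    credential_gen: int  # password generation the device authenticated with


class RegistrationService:
    """Hypothetical registry of which devices may send as which account.

    bind_to_credentials=False models the cached-registration behaviour the
    article describes; True models the common fix, where a password change
    or a remote wipe invalidates every registration made before it.
    """

    def __init__(self, bind_to_credentials: bool):
        self.bind_to_credentials = bind_to_credentials
        self.credential_gen: dict[str, int] = {}          # account -> generation
        self.registrations: dict[str, Registration] = {}  # device_id -> registration

    def create_account(self, account: str) -> None:
        self.credential_gen[account] = 1

    def register(self, device_id: str, account: str, sim_number: str) -> None:
        """Device signs in with a valid password and its current SIM number."""
        self.registrations[device_id] = Registration(
            device_id, account, sim_number, self.credential_gen[account])

    def change_password(self, account: str) -> None:
        self.credential_gen[account] += 1
        if self.bind_to_credentials:
            # Hardened: registrations made under the old password are dropped,
            # so the handset must sign in again (which needs the new password).
            self.registrations = {
                d: r for d, r in self.registrations.items() if r.account != account}

    def remote_wipe(self, device_id: str) -> None:
        """Find My iPhone style wipe. In the vulnerable model it only clears the
        handset; the server-side registration outlives it."""
        if self.bind_to_credentials:
            self.registrations.pop(device_id, None)

    def swap_sim(self, device_id: str, new_number: str) -> None:
        """A new SIM is inserted. Vulnerable model: the cached registration keeps
        the old number, so the device still sends as the previous owner.
        Hardened model: the registration is dropped and a fresh sign-in is required."""
        if device_id in self.registrations and self.bind_to_credentials:
            del self.registrations[device_id]
        # Vulnerable model: nothing changes; the old number stays bound to the device.

    def can_send_as(self, device_id: str, account: str) -> bool:
        reg = self.registrations.get(device_id)
        if reg is None or reg.account != account:
            return False
        if self.bind_to_credentials:
            # Only a registration made under the current password is honoured.
            return reg.credential_gen == self.credential_gen[account]
        return True

    def number_for_device(self, device_id: str):
        reg = self.registrations.get(device_id)
        return reg.phone_number if reg else None


def theft_scenario(bind_to_credentials: bool) -> dict:
    """Replay the sequence from the article against one model and report the outcome."""
    svc = RegistrationService(bind_to_credentials)
    svc.create_account("victim@example.com")                      # constructed sample
    svc.register("UDID-STOLEN", "victim@example.com", "+15550100")  # constructed sample
    # The owner's response after the burglary
    svc.remote_wipe("UDID-STOLEN")
    svc.change_password("victim@example.com")
    # The buyer activates the phone under a new number
    svc.swap_sim("UDID-STOLEN", "+15550199")
    return {
        "stolen_phone_can_send": svc.can_send_as("UDID-STOLEN", "victim@example.com"),
        "number_bound_to_stolen_phone": svc.number_for_device("UDID-STOLEN"),
    }


if __name__ == "__main__":
    print("cached registration:", theft_scenario(bind_to_credentials=False))
    print("bound to credentials:", theft_scenario(bind_to_credentials=True))
```

In the cached model the stolen handset still passes `can_send_as` and is still bound to the victim’s original number after the wipe, the password change and the SIM swap, which is exactly the situation Ars describes. In the hardened model the same three actions leave no registration behind, and the only way to send again is a fresh sign-in with the new password. The general lesson for any service that remembers devices is that credential changes and remote wipes must reach the server-side device registry, not just the handset.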

Apple will hopefully address this issue soon. In the meantime, try to not lose your iPhone!

  • http://www.facebook.com/doggyyyyyyyyyyy Hennessy Hen-dogg Green

    iPhone team get u one!

  • http://twitter.com/kozaa Andrei

    bummer… new problem… how clever apple should be to stick iMessage to unique phone’s UDID…
    again to wait for a patch. and I was so happy with my ios5 jailbroken semitether (

  • http://twitter.com/vantheman169 vantheman420

    Don’t lose your phone or let someone steal it. Problem solved.

  • http://twitter.com/vantheman169 vantheman420

    But i am sure Apple will patch this in iOS 5.1

  • http://twitter.com/andru08 Andrew Wong

    That’s why I don’t associate my Apple ID with iMessage on my iPhone. Just my iPad. Knowing that, I will disassociate my Apple ID with iMessage on my iPad and use a disposable email instead.

  • http://www.facebook.com/brett.kessner Brett Kessner

    Okay.. So I sold my iPhone 4 that was running iOS 5, and got an iPhone 4S… The same deactivated then activated a new phone which would be no different than what is explained in the article.. Does that mean that the person I sold my phone to could be getting my iMessages?

  • Kok Hean

    I have my phone with me literally everywhere I go. No worries.

  • Anonymous

    Simple:

    1. Get a GoogleVoice (GV) virtual 10-digit number on your Area Code (NANP number). Can be “alpha-personalized”, if available in your Area Code.
    2. Use Google Voice for all TEXTing. Uses data band (cell or WiFi), exclusively.
    3. Knobs controlled via GoogleVoice APP for the iPhone (or webclip — your choice).
    4. Universal zero-cost SMS, free from pillage by the carrier.
    5. Virtual 10-digit identity is independent from carrier and owned for life, free! (akin to your own domain name.)

    As someone else already mentioned, if/when you enable iMessage, use a separate .me identity from the APP Market, associated only with iCloud and iMessage. If you have not done this, do it now! (iMessage is keyed, first, by phone number, and alternatively by domain string of your choosing).

    Cry me a River, if you depend on a single, proprietary construct (Apple ID) for everything.