iMessage Bug Lets Thieves Keep Texting From a Stolen iPhone

One of the benefits of iCloud is Find My iPhone, a service that lets you locate and remote wipe a handset if it is stolen or misplaced. While remote wiping an iPhone on iOS 5 cleans the device of your personal information, a bug in iMessage has been discovered that lets a thief continue to send messages from someone’s iMessage account.

Ars Technica has uncovered the bug, and the scariest part is that permanently deleting your Apple ID is the only way to circumvent the issue until it is addressed by Apple.

Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and whose wife’s iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password—“we picked up a new iPhone the next day, figuring that our insurance would end up paying for it,” Hovis told Ars.

For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis’ iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis—even though the stolen phone had apparently now been activated under a new number.

The same problem has been reported several times on the MacRumors forums, with iMessage continuing to work even after the iPhone’s SIM card was replaced. Security researcher Zdziarski, speaking to Ars, offered a plausible explanation for why iMessage behaves this way:

“I can only speculate, but I can see this being plausible,” Zdziarski told Ars. “iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.”

iMessage carries messages between iOS 5 devices over the Internet data connection rather than the carrier’s SMS channel; the carriers are used only for ordinary SMS and MMS messages in all other cases. While iMessage typically works as a seamless replacement for SMS/MMS between iPhones and iPads, the service evidently binds itself to an iPhone’s number (or the device itself) a little too tightly: a remote wipe through Find My iPhone, a carrier deactivation and an Apple ID password change ought to sever a lost or stolen iPhone’s ties to the account completely, yet in the Hovis case none of them revoked the phone’s iMessage registration.

The only cure for the bug seems to be deleting the associated Apple ID entirely, which means that all iTunes content purchased under that ID is no longer available. If you buy from the iTunes Store and App Store regularly, deleting your Apple ID isn’t an easy step to take.

Apple will hopefully address this issue soon. In the meantime, try to not lose your iPhone!