Feeds

Stolen, remote-wiped iPhones still get owner's iMessages

Crafty internet SMS app proves impervious to scrubbing

HP ProLiant Gen8: Integrated lifecycle automation

Victims of iPhone theft have discovered that remotely wiping the nicked kit won't stop iMessage content being delivered to the thief, who can continue to respond under the owner's name.

The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data and changed both Apple ID and password. But despite all that he discovered messages sent using iMessage were being received by buyer of the stolen handset, in addition to being delivered to his wife's new handset, and shared the experience with Ars Technica.

Not only was the receiver-of-stolen-goods getting messages addressed to Hovis' wife, but the chap was able to respond to the messages and got quite leery when told he had bought a stolen handset.

It seems the problem isn't unique to Mrs Hovis, but has hit quite a few iPhone users, a problem which will presumably increase as iMessage gains ground.

iMessage works by automatically turning SMS, and MMS, messages into internet traffic when a data connection is available at both ends. It only operates where both parties have an iPhone, and are connected to the internet, but when activated it does provide a free messaging service.

Users sometimes find themselves caught out when they get billed for an MMS they expected to be free, and where group send is being used the service can get quite confused, but in general it's a useful facility that users love. The fact that iMessages are converted from SMS's means they are addressed to a phone number, rather than an Apple ID or similar, which might explain why the ID is proving so resilient.

Changing the phone number should really prevent iMessage delivery, but it seems the application is somehow cacheing the phone number and refusing to forget that cached content despite being remotely wiped.

The only reported success in stopping message deliver was to switch off iMessage on the stolen device (which might be tough unless it's some sort of insurance scam) or register an completely new Apple ID and forget about the old one - though that means forgetting about all the films, music and applications owned by that account too.

If the problem is an overly persistent cache then Apple will probably get it fixed quite swiftly, but with Cupertino being as taciturn as ever we'll probably never know when they have, or what messages have been delivered to thieves (and their customers) in the meantime. ®

Top three mobile application threats

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.