Feeds

Stolen, remote-wiped iPhones still get owner's iMessages

Crafty internet SMS app proves impervious to scrubbing

Remote control for virtualized desktops

Victims of iPhone theft have discovered that remotely wiping the nicked kit won't stop iMessage content being delivered to the thief, who can continue to respond under the owner's name.

The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data and changed both Apple ID and password. But despite all that he discovered messages sent using iMessage were being received by buyer of the stolen handset, in addition to being delivered to his wife's new handset, and shared the experience with Ars Technica.

Not only was the receiver-of-stolen-goods getting messages addressed to Hovis' wife, but the chap was able to respond to the messages and got quite leery when told he had bought a stolen handset.

It seems the problem isn't unique to Mrs Hovis, but has hit quite a few iPhone users, a problem which will presumably increase as iMessage gains ground.

iMessage works by automatically turning SMS, and MMS, messages into internet traffic when a data connection is available at both ends. It only operates where both parties have an iPhone, and are connected to the internet, but when activated it does provide a free messaging service.

Users sometimes find themselves caught out when they get billed for an MMS they expected to be free, and where group send is being used the service can get quite confused, but in general it's a useful facility that users love. The fact that iMessages are converted from SMS's means they are addressed to a phone number, rather than an Apple ID or similar, which might explain why the ID is proving so resilient.

Changing the phone number should really prevent iMessage delivery, but it seems the application is somehow cacheing the phone number and refusing to forget that cached content despite being remotely wiped.

The only reported success in stopping message deliver was to switch off iMessage on the stolen device (which might be tough unless it's some sort of insurance scam) or register an completely new Apple ID and forget about the old one - though that means forgetting about all the films, music and applications owned by that account too.

If the problem is an overly persistent cache then Apple will probably get it fixed quite swiftly, but with Cupertino being as taciturn as ever we'll probably never know when they have, or what messages have been delivered to thieves (and their customers) in the meantime. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.