Feeds

Stolen, remote-wiped iPhones still get owner's iMessages

Crafty internet SMS app proves impervious to scrubbing

Security for virtualized datacentres

Victims of iPhone theft have discovered that remotely wiping the nicked kit won't stop iMessage content being delivered to the thief, who can continue to respond under the owner's name.

The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data and changed both Apple ID and password. But despite all that he discovered messages sent using iMessage were being received by buyer of the stolen handset, in addition to being delivered to his wife's new handset, and shared the experience with Ars Technica.

Not only was the receiver-of-stolen-goods getting messages addressed to Hovis' wife, but the chap was able to respond to the messages and got quite leery when told he had bought a stolen handset.

It seems the problem isn't unique to Mrs Hovis, but has hit quite a few iPhone users, a problem which will presumably increase as iMessage gains ground.

iMessage works by automatically turning SMS, and MMS, messages into internet traffic when a data connection is available at both ends. It only operates where both parties have an iPhone, and are connected to the internet, but when activated it does provide a free messaging service.

Users sometimes find themselves caught out when they get billed for an MMS they expected to be free, and where group send is being used the service can get quite confused, but in general it's a useful facility that users love. The fact that iMessages are converted from SMS's means they are addressed to a phone number, rather than an Apple ID or similar, which might explain why the ID is proving so resilient.

Changing the phone number should really prevent iMessage delivery, but it seems the application is somehow cacheing the phone number and refusing to forget that cached content despite being remotely wiped.

The only reported success in stopping message deliver was to switch off iMessage on the stolen device (which might be tough unless it's some sort of insurance scam) or register an completely new Apple ID and forget about the old one - though that means forgetting about all the films, music and applications owned by that account too.

If the problem is an overly persistent cache then Apple will probably get it fixed quite swiftly, but with Cupertino being as taciturn as ever we'll probably never know when they have, or what messages have been delivered to thieves (and their customers) in the meantime. ®

Beginner's guide to SSL certificates

More from The Register

next story
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.