iMessage Bug Sends Texts to Stolen iPhones

It appears that a bug in iMessage allows texts to be sent to a stolen iPhone, even after a remote wipe and disabling the SIM card, reports Ars Technica.

iMessage, introduced in iOS 5, is similar to RIM's BlackBerry messaging service. It sends text, picture, and video messages over Apple's servers instead of via the carrier's SMS service. This can lower the user's text messaging charges and adds features like delivery confirmation. It also allows users of non-cellular devices, like the iPad and iPod Touch, to send and receive text and picture messages -- as featured in a recent iPod Touch television ad.

According to Ars Technica:

Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and his wife's iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password—"we picked up a new iPhone the next day, figuring that our insurance would end up paying for it," Hovis told Ars.

For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis' iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis—even though the stolen phone had apparently now been activated under a new number.

Hovis sent messages to new "owner" of his wife's old phone, with the messages going to both the old and new phone, but the other person was uncooperative. He discovered a thread on the MacRumors forums with several readers reporting the same issues.

Apple has not commented on the matter, but it's possible that the iMessage servers permanently links the UDID number of a particular handset to a phone number, so it knows what handset to deliver iMessages to. When the phone is remotely wiped, and a new SIM card installed, the iMessage servers don't update and messages continue to be sent to the stolen phone.

Top Rated Comments

(View all)

FakeWozniak

42 months ago

It's a feature to be able to tell the thief pleasantries from time to time.

Rating: 9 Votes

3bs

42 months ago

It sends text, picture, and video messages over Apple's servers instead of via the carrier's SMS service.

Very often it fails to send pictures.. and I end up having to wait a while or e-mail them

Rating: 3 Votes

f00f

42 months ago

I guess it makes sense to assume that any person could be identified by N number of UDIDs on the server side of iMessage. (My iPhone, my iPad, my iPod Touch, etc -- that's three right there!)

But for this to be a permanent linkage is clearly a design flaw/oversight. The remote wipe should have nuked the UDID from iMessage's server-side database (or where ever the hell it's stored).

Rating: 3 Votes

dave420

42 months ago

If verified that this is a bug then it is something that needs to be fixed. But on the other hand it could be something that could come in handy. Think about it....your iphone is lost or stolen and someone wipes it or replaces the SIM so they can use it. But you are still able to send an iMessage to it. How cool would that actually be if that could actually lead to the phone being returned to you.

The new owner gets to see every iMessage I send/receive. That may result in an occaional returned phone, but the rest of the time it is a huge privacy risk. It could go on forever. Every single iMessage you send/receive will be visible to the thief.
I have been following this issue for a while, and there have been lots of threads about this happening. In some cases users were getting sexually explicit messages from random people.
Apple needs to resolve this problem.

Rating: 3 Votes

xorjo

42 months ago

That can't be true.. I have done this with a few different phones. Replaced the sim card with another and sent a message, it was delivered with that number. Using iMessage. It could be, maybe that it gets remote wiped. Did they try a Restore...???

Restore what? They don't have the iphone, it's stolen remember? This is a fact and I was a victim of this back in October. Unless the person with the stolen iphone puts a new sim card on the phone and uses it or he restores it, there's nothing you can do unless you change your phone number. Simple as that.

Rating: 2 Votes

joeip77

42 months ago

Whats really sad is that 99.9% of the cellphone users that have an iPhone stolen doesn't know that the stollen phone is put back on the network, activated and is being used by someone else (ATT and Apple are making money off of your stollen phone) This happened to me, I filed a police report and spoke to Apple and ATT both and was told that the stollen iPhone
Was Not put on the Blacklist so it could not be used on the network anymore. The detective said that they could easily idetify if the the phone was back on the network from its imei#, but that they could not do so unless there was an investigation and that the iPhone could be used to solve a more serious crime. It seems that what ATT and Apple are allowing to happen is definatly a crime.
I even had an person at ATT tell me that when she first went to work for ATT that in one of her first staff meetings this stolen phone blacklist was brought up and they were told that this blacklist is no longer used. She has worked in other cell companys for years and the blacklist was always used to keep stollen phones from ever being used on the network again.What I think is Really insane is that when anyone activates an iPhone on iTunes or a person does this in the store, why doesn't ATT or Apples system see the
imei# as stollen and stop it from being used. I will tell you why more$$$$

Sad Stuff

This is from Wiki site

The IMEI number is used by the GSM network to identify valid devices and therefore can be used for stopping a stolen phone from accessing the network in that country. For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to "blacklist" the phone using its IMEI number. This renders the phone useless on that network and sometimes other networks too, whether or not the phone's SIM is changed.

Rating: 2 Votes

Googlyhead

42 months ago

I've always wondered something about "Remote Wipe". Can thieves who obtain a remotely wiped iPhone re-sync it and have a fully working iPhone? Because surely it just becomes a factory restored iPhone?

Would love an answer.

I'd also like to know if you can keep requesting a remote wipe - ie. keep erasing the stolen phone over and over again to cause maximum inconvenience for the undeserving new 'owner'.

Rating: 2 Votes

obyte

42 months ago

This is NOT just stolen phones.

I recently upgraded to a HTC Titan from a iPhone 4 last week. I did the upgrade through the AT&T .01 WP7 sale. I activated the Titan and when I did that, EVERYONE who still has an iPhone / iPad / iPod Touch who has ever sent me a text message before the switch, they are still going to my iPhone because of iMessaging. The iPhone has no service and no sim card installed. It is only on wi-fi and all of the texts go to it still.

I can send someone a SMS from my Titan and their response goes to my iPhone. It is super annoying and no one knows how to fix it.

IMO this is complete ******** really and it needs to be fixed. Currently I am a slave to this iPhone now :/

Rating: 2 Votes

xed

42 months ago

What the hell is 'burglarized'? Its burgled!!

Just because you don't know doesn't mean it's incorrect. a simple google search would give you your much needed answers...

Rating: 1 Votes

ed724

42 months ago

iMessage isn't dependent on the phone number, or it wouldn't work with iPads and iPods eh !!!

Rating: 1 Votes

[ Read All Comments ]