Corey Tamas, December 20, 2011
A newly-discovered bug in iPhones using iOS 5 may make it impossible to extricate your iMessage identity from the device, thus leaving the door open for identity theft.
Reports seem to be cropping up claiming that an iPhone will still continue to receive your iMessages, even after it’s been wiped, reset, given a new phone number and even had its sim card replaced. This potentially means that someone who steals your iPhone can contact your friends and family while posing as you, as well as reading your incoming messages. This is not quite as severe a security breach as, say, being able to access your credit card number or financial records, but I don’t think there’s anyone who would be okay with a stranger reading their incoming iMessages. The mystifying part – the part upon which Apple has not yet commented – is that there seems to be nothing the user can do. Even changing your Apple ID password is of no avail.
Ars Technica delved into the story and spoke to iOS security expert Jonathan Zdziarski, who offered some thoughts on what’s going on:
[quote]“I can only speculate, but I can see this being plausible,” Zdziarski told Ars. “iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.”[/quote]
There are reports in the wild that the problem can be overcome by ditching your old Apple ID completely and starting fresh with a new one, but the two obvious issues with that approach seem to defeat the point: Firstly, you’re trying to read your iMessages and keep them private, not become a new user and receive new messages. Secondly, this approach makes your purchase history through iTunes or the App Store (meaning music, apps, books, etc.) unavailable to you and those things will be lost. So it seems this would only appeal to the most desperate of us.
I can speak personally to this issue: I upgraded to an iPhone 4S and my mother is now using my trusty old iPhone 3GS. Not only is she receiving iMessages which are intended for me, but my outgoing iMessages are copied to her iPhone. Luckily for me, nobody seems interested in sexting me (which is the only time I’ve ever thought of that as “lucky”).
No fix appears to be in sight. We’ll keep you posted.
Source: Ars TechnicaFollow @macgasm