By Jacqui Cheng, Ars Technica
Those who have had a phone lost or stolen are familiar with the horrors that follow: The thief (or the person he sold your phone to) starts to send texts as you to your family and friends, leaving you scrambling to de-activate the device as soon as possible. For modern iPhone owners, though, such a phenomenon should be in the distant past thanks to the advent of remote wipe capabilities, right?
Perhaps not. Some unlucky iPhone owners are beginning to discover that, despite their best efforts to remove all information from their stolen phones, thieves and unsuspecting buyers are still able to send and receive iMessages as the original owner — even after the device is registered under a new account. Almost nothing seems to work — remote wiping, changing Apple ID passwords, or even moving the old phone number to a new phone — and users are becoming more than frustrated that thieves are so easily able to pose as them.
Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and his wife’s iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password — “we picked up a new iPhone the next day, figuring that our insurance would end up paying for it,” Hovis told Ars.
For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis’ iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis — even though the stolen phone had apparently now been activated under a new number.
Hovis iMessaged back and forth with the new owner — his iMessages, incidentally, going to both his wife’s new phone and the old phone at the same time — but the new owner came off as confused and uncooperative, and the whole situation seemed to be at a dead end. That’s when Hovis began searching online, discovering that such a thing has happened to other iPhone users as well.
In a MacRumors forum thread from late October/early November, multiple users tell very similar stories about stolen iPhones and misdirected iMessages. The original poster of the thread remote wiped, changed his Apple ID e-mail and password, suspended his service through Verizon, and iMessages sent to him still went through to the stolen phone. Another user named PDiggles said his stolen iPhone was being used by someone going by “BigDaddy,” but when PDiggles’ friend tried to iMessage PDiggles, BigDaddy had replied saying the friend had the wrong number (indicating that the phone had indeed been activated under a new number).
A separate thread posted on the Apple Support boards discusses the same issue. A user named mindy1285 says her stolen iPhone 3GS is still receiving iMessages sent to her phone number, even though she already has a new phone activated on that number. Further down in the thread, she points out that the person who now has her stolen 3GS isn’t receiving regular phone calls or even normal SMSs sent to her number — only iMessages sent from other iPhone users appear to be making their way through to the stolen phone.
Why is it happening?
We reached out to Apple to ask why this seems to be happening and how it can be prevented, but the company has not responded to our request for comment. So we turned to iOS security expert Jonathan Zdziarski for his opinion on how a stolen (or even just an old, retired) device could be holding onto an iMessage identifier.
“I can only speculate, but I can see this being plausible,” Zdziarski told Ars. “iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.”
In other words, iMessage may be pulling the old phone number from a cache somewhere and continuing to use it on the device if the SIM was removed after it was configured as a new phone. We were unable to test this theory (and keep in mind that it’s just a theory), but it certainly sounds like one of the more logical explanations for this phenomenon.
But my iPhone is still stolen. Now what?
This could be the first major kink in Apple’s iMessage setup since the service was rolled out as part of iOS 5 in October. Otherwise, iMessage works well as a seamless replacement for SMS between those using iOS devices, and users generally seem quite happy with the service. So what are you to do if your iPhone is lost, stolen, or just resold and you don’t want your iMessages going through to the new owner?
The original poster from the MacRumors forum thread, andrewhdn, eventually said he was able to resolve the issue by registering his new iPhone under a brand new Apple ID and canceling his old Apple ID completely. (This shouldn’t have worked, according to what AppleCare and iTunes representatives told him originally, but he claims his iMessages “work fine now.”) There’s one major downside to this option, however: Ditching an Apple ID completely means that you no longer have access to your past music and TV purchases through iTunes — apparently “not a big deal” for andrewhdn, but we can see this being a sticking point for those who buy lots of media.
Have any other Ars readers run into this problem? If so, what were your solutions (if any) to making sure your iMessages weren’t going to the wrong place? We’ll continue to press Apple on this issue to see if we can get further clarification, but in the meantime, make sure to keep an extra close eye on your iPhones so they stay out of the wrong hands.
Update: Twitter user Kim Hunter told me that he spoke with “Apple [security],” who told him it’s not a security problem and to turn iMessage off on the offending device. When I pointed out that you can’t turn iMessage off on a device that has been stolen because it’s not in your hands anymore, he agreed: “exactly, i found the issue when i put my sim in a friends phone to activate it. then they were able to send/view/obseve all my mess.”
Photo: Jim Merithew/Wired.com