iMessage Bug Sends Texts to Stolen iPhones

[MacRumors]

It appears that a bug in iMessage allows texts to be sent to a stolen iPhone, even after a remote wipe and disabling the SIM card, reports Ars Technica.

iMessage, introduced in iOS 5, is similar to RIM's BlackBerry messaging service. It sends text, picture, and video messages over Apple's servers instead of via the carrier's SMS service. This can lower the user's text messaging charges and adds features like delivery confirmation. It also allows users of non-cellular devices, like the iPad and iPod Touch, to send and receive text and picture messages -- as featured in a recent iPod Touch television ad.

According to Ars Technica:

Quote:

Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and his wife's iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password--"we picked up a new iPhone the next day, figuring that our insurance would end up paying for it," Hovis told Ars.

For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis' iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis--even though the stolen phone had apparently now been activated under a new number.

Hovis sent messages to new "owner" of his wife's old phone, with the messages going to both the old and new phone, but the other person was uncooperative. He discovered a thread on the MacRumors forums with several readers reporting the same issues.

Apple has not commented on the matter, but it's possible that the iMessage servers permanently links the UDID number of a particular handset to a phone number, so it knows what handset to deliver iMessages to. When the phone is remotely wiped, and a new SIM card installed, the iMessage servers don't update and messages continue to be sent to the stolen phone.

Article Link: iMessage Bug Sends Texts to Stolen iPhones

[3bs]

Quote:

Originally Posted by MacRumors

It sends text, picture, and video messages over Apple's servers instead of via the carrier's SMS service.

Very often it fails to send pictures.. and I end up having to wait a while or e-mail them

[xorjo]

I posted about this long time ago, when the iphone 4s was just released. I found the solution. Change the phone number. Even after remotely wiping your phone changing apple id or anything else you can think of, the phone number is still on the old phone and cannot be changed unless the person with the stolen iphone does a restore. Changing the phone number will work. You can receive imessages in your iphone even with no sim card through the phone number which was a major headache for me, but after trying everything you can think of, changing the phone number worked.

[Djmx]

That can't be true.. I have done this with a few different phones. Replaced the sim card with another and sent a message, it was delivered with that number. Using iMessage. It could be, maybe that it gets remote wiped. Did they try a Restore...???

[f00f]

I guess it makes sense to assume that any person could be identified by N number of UDIDs on the server side of iMessage. (My iPhone, my iPad, my iPod Touch, etc -- that's three right there!)

But for this to be a permanent linkage is clearly a design flaw/oversight. The remote wipe should have nuked the UDID from iMessage's server-side database (or where ever the hell it's stored).

[xorjo]

Quote:

Originally Posted by Djmx

That can't be true.. I have done this with a few different phones. Replaced the sim card with another and sent a message, it was delivered with that number. Using iMessage. It could be, maybe that it gets remote wiped. Did they try a Restore...???

Restore what? They don't have the iphone, it's stolen remember? This is a fact and I was a victim of this back in October. Unless the person with the stolen iphone puts a new sim card on the phone and uses it or he restores it, there's nothing you can do unless you change your phone number. Simple as that.

[Gubbz]

I think this shows great promise for those that have their iPhone/iPad/iPod Touch stolen. It shows Apple is sending to the registered hardware. In that case, Apple can know where it is in the world, helping victims report them to allow them to be returned even if it has been remote-wiped, that can then be just a safe guard for your information...

[pacmania1982]

What the hell is 'burglarized'? Its burgled!!

[f00f]

Quote:

Originally Posted by pacmania1982

What the hell is 'burglarized'? Its burgled!!

Heh. Indeed -- it is also that.

[wordoflife]

So basically if you restore with a SIM tied to your number, iMessages might get sent to that device.

Scary stuff, really.

[xorjo]

Quote:

Originally Posted by wordoflife

So basically if you restore with a SIM tied to your number, iMessages might get sent to that device.

Scary stuff, really.

You can also send messages too! Not just receive them... thats scary part.. and worse, the person who gets them come with your phone number...

[Pixellated]

Quote:

Originally Posted by pacmania1982

What the hell is 'burglarized'? Its burgled!!

It must be an American thing. I was just about to write the same thing

[rmwebs]

Quote:

Originally Posted by pacmania1982

What the hell is 'burglarized'? Its burgled!!

I'm assuming its a made up word from the US

(No offence...we've got some stupid words too!)

[baryon]

Strange as hell! What would happen if you swapped your SIM cards out a lot, for example, if you got an unlocked iPhone? Would that cause any issues with iMessage?

On another note, insurance on a phone? Since when is that a common thing???

Quote:

Originally Posted by Gubbz

I think this shows great promise for those that have their iPhone/iPad/iPod Touch stolen. It shows Apple is sending to the registered hardware. In that case, Apple can know where it is in the world, helping victims report them to allow them to be returned even if it has been remote-wiped, that can then be just a safe guard for your information...

Interesting thought! However, if the device has been wiped by the person who stole it (or remote wiped by you), you can no longer track it as far as I know, even if technically it would be possible since the UUID is still the same… Or is it actually possible to track it after a wipe?

[timd.mackey]

Quote:

Originally Posted by rmwebs

I'm assuming its a made up word from the US

(No offence...we've got some stupid words too!)

"Burglarize" is what most people say in the US. I've never heard anyone here say "burgle" before, I've only seen it in British publications.

(interesting info on the word: http://english.stackexchange.com/que...d#answer-20859)

[smash]

The thing is ... if I'm traveling internationally I'd love for iMessages to go to the SIM card I'm using overseas ... even if the number is different. So, this seems more like a feature than something else.

However, Apple definitely needs to replace the old UDID if a phone is replaced. This seems a bit senseless on their part, but it may simply be difficult to track. Also, I can only imagine if someone simply switches away from the iPhone platform to something else if their iMessages will still continue elsewhere.

[BlendedFrog]

If verified that this is a bug then it is something that needs to be fixed. But on the other hand it could be something that could come in handy. Think about it....your iphone is lost or stolen and someone wipes it or replaces the SIM so they can use it. But you are still able to send an iMessage to it. How cool would that actually be if that could actually lead to the phone being returned to you.

[andiwm2003]

Quote:

Originally Posted by BlendedFrog

If verified that this is a bug then it is something that needs to be fixed. But on the other hand it could be something that could come in handy. Think about it....your iphone is lost or stolen and someone wipes it or replaces the SIM so they can use it. But you are still able to send an iMessage to it. How cool would that actually be if that could actually lead to the phone being returned to you.

it also should mean that apple can track your phone even after a remote wipe. it says it can't be tracked anymore after a wipe but this bug shows i can be tracked.

[FakeWozniak]

It's a feature to be able to tell the thief pleasantries from time to time.

[rmwebs]

Quote:

Originally Posted by timd.mackey

"Burglarize" is what most people say in the US. I've never heard anyone here say "burgle" before, I've only seen it in British publications.

(interesting info on the word: http://english.stackexchange.com/que...d#answer-20859)

I'd expect it to be a more common word when it comes to statistics...the US has a much, much higher population than the UK For us, it really does sound almost made up, the equivalent of say... Robberized (assuming thats not an actual word) instead of robbed.

Its interesting how languages & cultures work out

[dave420]

Quote:

Originally Posted by BlendedFrog

If verified that this is a bug then it is something that needs to be fixed. But on the other hand it could be something that could come in handy. Think about it....your iphone is lost or stolen and someone wipes it or replaces the SIM so they can use it. But you are still able to send an iMessage to it. How cool would that actually be if that could actually lead to the phone being returned to you.

The new owner gets to see every iMessage I send/receive. That may result in an occaional returned phone, but the rest of the time it is a huge privacy risk. It could go on forever. Every single iMessage you send/receive will be visible to the thief.
I have been following this issue for a while, and there have been lots of threads about this happening. In some cases users were getting sexually explicit messages from random people.
Apple needs to resolve this problem.

[Westacular]

Quote:

Originally Posted by baryon

On another note, insurance on a phone? Since when is that a common thing???

The insurance wasn't on the phone, it was for their home. Many (most?) home insurance policies cover theft. The phone was stolen from their home in a break-in; thus, the cost of replacing it was covered under their home insurance.

[kycophpd]

Burglarize is in the same dictionary you point to when you say burgle so obviously it's a word.

[Westacular]

Quote:

Originally Posted by rmwebs

I'd expect it to be a more common word when it comes to statistics...the US has a much, much higher population than the UK For us, it really does sound almost made up, the equivalent of say... Robberized (assuming thats not an actual word) instead of robbed.

Its interesting how languages & cultures work out

To a American or Canadian ear, "burgled" sounds like something made-up through a bit of whimsical word-play.

The key difference with your example is that "robber", the noun, is derived from "rob", the verb. (Yes, it's an historical thing.)

With "burglar", the noun came first -- it's not derived from "burgle"; rather, "burgle" is a back-formation based upon it.

But back-formations are much more the exception than the norm when it comes to deriving verbs from English nouns. The more customary way to derive a verb is to add -ize (or -ise) to the end. Thus, "burglarize".

What's interesting is how, when American and British English really started to diverge, "burglar" was a part of the lexicon but a verb form of the word was not. The route each took in doing so is perfectly legitimate -- neither inherently more "right" than the other -- but a century later, the alternate word from the other side of the pond seems silly, for both sides.

Of course, one can question the necessity of any verb form, given lots of alternate words like rob, stole, broke into, etc. Off the top of my head, I'd say burglarize / burgle are more specific in their connotation, used normally in the passive voice, to refer to the specific act of person(s) entering a building (typically a domicile), in secret and without permission, and stealing items from within.

Ex:
"I was robbed" versus "I was burglarized". In the absence of any other context, the latter paints more detailed picture -- we can safely assume several more details about how and where the theft occurred from "burglarized" than we could from "robbed".

[powers74]

I had a weird iMessage thing happen last night. My wife and I sent each other an iMessage at ~the exact~ same time and my message did not go through. Guess it still has some bugs left to be worked out.

Technical details - Between an iPhone4 & iPad2. Same iTunes account. iPad set up with separate email account. iPad did not get the message. Other than that, seemingly no other issues.