Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 6, 2012, 03:30 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Compensates Victim of iMessage Bug for Breach of Privacy




In December, an apparent bug appeared in Apple's iMessage service that allowed iMessages to be sent to a stolen iPhone. The messages can, apparently, continue to be sent and received from the stolen phone after a remote wipe and a SIM card deactivation. This is obviously an unintended action, and though Apple explains the solution to be "toggle iMessage on and off" in the Settings app, that is an impossible act to perform remotely on a stolen phone.

The Next Web today reports of the case of an anonymous Apple customer who had her iPhone stolen and the lengthy discussions she had with Apple afterwards.




After her iPhone was stolen, Customer K had her SIM card deactivated. However, her friends told her that iMessages they sent continued to be delivered to the stolen iPhone because she hadn't invoked Find My iPhone's Remote Wipe feature. Apple's technical support personnel suggested a wide variety of solutions to prevent her messages from being sent to the other iPhone.

Suggestions to reset her Apple ID password, insert her SIM card into another iOS device, among others, made sense. One request, that she contact her friends and tell them to stop sending her iMessages, Customer K thought was completely unreasonable -- not to mention impractical.

Eventually, nearly 6 weeks after her phone was initially stolen, Apple did finally figure out a unique solution:
Quote:
Apple was finally able to remotely push 'code' out to the stolen iPhone in order to make the problem stop. This was a result of an Apple Engineering Team weighing in on how to solve the issue.
After the problem was finally solved, the customer continued to push Apple on the issue of compensation and was directed to Apple's legal department. She informed Apple Legal that she was troubled by the length of time that it took to prevent the iMessages from going to the stolen phone and wanted compensation for the extensive breach of privacy.

Eventually, after a phone discussion with Apple legal, K was offered an iPod Touch as compensation for her trouble. Apple claimed it would give her a device with which to receive iMessages.

Apple has still not commented on the matter, but one theory is that the iMessage servers permanently link the UDID number of a particular handset to an Apple ID, so it knows what handset to deliver iMessages to. Messages continue to be sent to a stolen iPhone until iMessage is manually toggled on and off -- a task that is impossible to perform on a stolen phone.

Article Link: Apple Compensates Victim of iMessage Bug for Breach of Privacy
MacRumors is offline   0 Reply With Quote
Old Feb 6, 2012, 03:34 PM   #2
Andronicus
macrumors 6502a
 
Join Date: Apr 2008
I would've told them an iPad 2 can get iMessages too!
Andronicus is offline   21 Reply With Quote
Old Feb 6, 2012, 03:36 PM   #3
Kilamite
macrumors G3
 
Kilamite's Avatar
 
Join Date: Mar 2007
Location: Scotland
Should have compensated her with a new iPhone instead of iPod touch. Or if she had already bought a new one, refunded what she paid with an Apple Gift Card.

"Here's an iPod touch so you can receive iMessages again, but don't lose it! We don't want to go through all this again!"
__________________
15" MacBook Pro 2GHz i7 8GB 750GB Hybrid | Mac mini 2.3GHz i7 16GB 1TB Fusion | OS X 10.10
iPhone 5 64GB | Apple TV 3 1080p | iOS 8.0.2
Home Theatre Hackintosh i3 3.5GHz 4GB 3TB | OS X 10.9
Kilamite is offline   27 Reply With Quote
Old Feb 6, 2012, 03:38 PM   #4
BanterClaus
macrumors regular
 
Join Date: Feb 2011
Location: UK
This needs fixing. A simple option on iCloud.com to unlink devices from your iMessages is what should be done in my opinion.
__________________
iPad 4 32GB iPhone 5S 16GB iPod Touch 4 32GB
13" 2011 MacBook Pro | i5 | 8GB | 120GB Vertex 3 SSD & 320GB HDD
Gaming PC | Quad i5 3.3GHz | 8GB | 1TB | AMD 6970 2GB
BanterClaus is offline   28 Reply With Quote
Old Feb 6, 2012, 03:41 PM   #5
acfusion29
Banned
 
Join Date: Nov 2007
Location: Toronto
Send a message via AIM to acfusion29
this story makes absolutely no sense to me..


Quote:
Apple has still not commented on the matter, but one theory is that the iMessage servers permanently link the UDID number of a particular handset to a phone number, so it knows what handset to deliver iMessages to. Messages continue to be sent to a stolen iPhone until iMessage is manually toggled on and off -- a task that is impossible to perform on a stolen phone.
if her sim card is deactivated, that means her phone number is no longer associated with the sim card. how are messages being sent to the device?
acfusion29 is offline   -2 Reply With Quote
Old Feb 6, 2012, 03:43 PM   #6
goobot
macrumors 601
 
goobot's Avatar
 
Join Date: Jun 2009
Location: long island NY
I'm not siding with apple here, but she didn't want to use find my iPhones wipe feature? That seems like that is completely on her. Also see couldn't have just changed her password, and then change it back either? It seems she wasn't that cooperative if I'm reading this correctly.
__________________
Unibody Macbook |iPad|Apple TV 2|Black iPhone 6

Last edited by goobot; Feb 6, 2012 at 03:48 PM.
goobot is offline   -13 Reply With Quote
Old Feb 6, 2012, 03:43 PM   #7
Michaelgtrusa
macrumors 601
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
I read this. No money?
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is online now   3 Reply With Quote
Old Feb 6, 2012, 03:44 PM   #8
azentropy
macrumors 65816
 
Join Date: Jul 2002
Location: Surprise
Did she deem changing her password unreasonable, or did that not work?

There should be a better solution but I don't find changing your password to be unreasonable!

Edit:
Ok reading the full article it vaguely explains that changing her password did not solve the issue - strange.
azentropy is offline   -5 Reply With Quote
Old Feb 6, 2012, 03:45 PM   #9
IzzyJG99
macrumors 6502
 
Join Date: Oct 2007
....Breach of privacy, a major thing in the eyes of many Judges, and she gets paid off with an iPod Touch? I'd honestly want financial compensation for this if it happened to me.
__________________
20" iMac 3.06GHz Intel Core 2 Duo, 4GB RAM, 500GB HD; iPod Touch 16GB 2nd Gen; iPhone 4 16GB, iPad 2 16GB.
IzzyJG99 is offline   5 Reply With Quote
Old Feb 6, 2012, 03:46 PM   #10
jlgolson
Editor
 
jlgolson's Avatar
 
Join Date: Jun 2011
Location: Durango, CO
Send a message via AIM to jlgolson
Quote:
Originally Posted by azentropy View Post
Did she deem changing her password unreasonable, or did that not work?

There should be a better solution but I don't find changing your password to be unreasonable!
I edited slightly to clarify that it was only the advice to tell her friends to stop sending her messages that she found unreasonable.

Changing her password was reasonable, but ineffective.
__________________
Jordan Golson -- Editor at MacRumors -- jlgolson@macrumors.com -- @jlgolson
jlgolson is offline   0 Reply With Quote
Old Feb 6, 2012, 03:46 PM   #11
joeshmo2010
macrumors 6502a
 
Join Date: Jun 2009
Location: Seattle, WA
Wouldnt someone who steals an iPhone want to restore it anyway to get rid of the other persons stuff? I guess thieves really must be dumber than I thought.
__________________
iPhone 6+ Gold 32gb AT&T
iPad rMini 64gb WiFi+LTE Silver/White Vzn (AT&T Service)
15" Macbook Pro a/ Retina display (mid-2014) high-end model
joeshmo2010 is offline   7 Reply With Quote
Old Feb 6, 2012, 03:47 PM   #12
d21mike
macrumors 68020
 
d21mike's Avatar
 
Join Date: Jul 2007
Location: Torrance, CA
Quote:
Originally Posted by acfusion29 View Post
this story makes absolutely no sense to me..
if her sim card is deactivated, that means her phone number is no longer associated with the sim card. how are messages being sent to the device?
iMessage can use your email address as well as your phone number. Like FaceTime.
__________________
Mike
d21mike is offline   7 Reply With Quote
Old Feb 6, 2012, 03:48 PM   #13
ski1ski1
macrumors regular
 
Join Date: Nov 2007
Quote:
Originally Posted by acfusion29 View Post
this story makes absolutely no sense to me..




if her sim card is deactivated, that means her phone number is no longer associated with the sim card. how are messages being sent to the device?
Because unlike regular txt messages, iMessage is linked to the UDID of your phone, not not sim card. This is how it works even via wifi. The phone number or iTunes email address is used as an ID to send/receive iMessages. But there is a major design flaw. Apple uses to the sim card to verify the phone number for iMessage. But it only verifies the sim card upon initial iMessage activation. If the sim card is removed, deactivated, or replaced with a different sim, the Apple servers will still send iMessages to the phone via wifi. Or cellular data, if it has another valid sim card. Even one with a different number. This is because the iMessage phone number is linked on Apple's servers to the UDID of the phone, not the sim. This link on Apple's servers will remain until iMessage is manually deactivated in the phone's settings. Which is impossible if you lose your phone, or already sold it. Apple has known about this design flaw for over two months. I don't understand why Apple still has not fixed this major privacy issue.

Last edited by ski1ski1; Feb 6, 2012 at 04:47 PM.
ski1ski1 is offline   18 Reply With Quote
Old Feb 6, 2012, 03:48 PM   #14
JamesGorman
macrumors 65816
 
JamesGorman's Avatar
 
Join Date: Dec 2008
Location: Winnipeg
p

Last edited by JamesGorman; Feb 6, 2012 at 11:47 PM.
JamesGorman is offline   -10 Reply With Quote
Old Feb 6, 2012, 03:51 PM   #15
ski1ski1
macrumors regular
 
Join Date: Nov 2007
Quote:
Originally Posted by d21mike View Post
iMessage can use your email address as well as your phone number. Like FaceTime.
It also uses your phone number for an ID as a secondary way to send a iMessage. But the phone number for the device is only checked upon initial iMessage activation via the sim. If the sim is deactivated, replaced, or removed, without you deactivating iMessage in the phone's settings, iMessages will still be sent to the phone via the link on Apple's servers between the phone number and the Phone's UDID. iMessages are sent over wifi or cellular data. That's why even changing you iTunes password still won't stop it, unless the person sending the iMessage is using your iTunes email address as the ID, instead of your phone number.

Last edited by ski1ski1; Feb 6, 2012 at 04:41 PM.
ski1ski1 is offline   1 Reply With Quote
Old Feb 6, 2012, 03:52 PM   #16
OrangeSVTguy
macrumors 601
 
OrangeSVTguy's Avatar
 
Join Date: Sep 2007
Location: Northeastern Ohio
If apple was able to "push" code, then they should have disabled the phone completely then. Then the stolen iPhone black market would seize to exist.
__________________
Browsing the forums from my Powerbook G4
OrangeSVTguy is offline   15 Reply With Quote
Old Feb 6, 2012, 03:52 PM   #17
jamesnajera
macrumors 6502
 
Join Date: Oct 2003
So what are the exact steps I need to do before I sell my iPhone 4 when the iPhone 5 comes out?

Is it remove SIM, turn off iMessage, restore iPhone, turn on iMessage with no SIM?

I think Apple will need to provide detailed instructions on this, because this will be a big issue when the new iPhone comes out.
__________________
MacBook Air i7 2.0Ghz 13.3"
iPhone 5S
iPad 2
jamesnajera is offline   12 Reply With Quote
Old Feb 6, 2012, 04:00 PM   #18
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Let’s hope the lessons learned in this instance turn into a broad, SOP solution.
nagromme is offline   0 Reply With Quote
Old Feb 6, 2012, 04:03 PM   #19
*LTD*
Banned
 
Join Date: Feb 2009
Location: Canada
She actually pushed Apple legal on this . . . she wanted $$$.

Wow.
*LTD* is offline   -24 Reply With Quote
Old Feb 6, 2012, 04:08 PM   #20
ArtOfWarfare
macrumors 603
 
ArtOfWarfare's Avatar
 
Join Date: Nov 2007
Send a message via Skype™ to ArtOfWarfare
Quote:
Originally Posted by joeshmo2010 View Post
Wouldnt someone who steals an iPhone want to restore it anyway to get rid of the other persons stuff? I guess thieves really must be dumber than I thought.
Unless they're of the creepy stalker without any life of their own variety.
__________________
Don't tell me Macs don't last: 2007 iMac, 2007 Mac Mini, 2008 MacBook Air, all Vintage.
(iMac obsoletion: April 28, 2015, MBA: October 14, 2015, Mac Mini: March 9, 2016)
ArtOfWarfare is offline   2 Reply With Quote
Old Feb 6, 2012, 04:12 PM   #21
MarkMS
macrumors 6502a
 
Join Date: Aug 2006
Quote:
Originally Posted by jamesnajera View Post
So what are the exact steps I need to do before I sell my iPhone 4 when the iPhone 5 comes out?

Is it remove SIM, turn off iMessage, restore iPhone, turn on iMessage with no SIM?

I think Apple will need to provide detailed instructions on this, because this will be a big issue when the new iPhone comes out.
Yes, I believe that is the way to stop this from happening if you sell the iPhone. The problem becomes more muddied when the iPhone is stolen. Then you can't physically turn off iMessages or remove the SIM. To prevent iMessage from popping up on a stolen iPhone, you need to remote wipe that phone and call AT&T to deactivate the SIM. Not sure how this works (or is a problem) with Verizon/Sprint, but I assume you call them to disable the ESN.

The Verge had a good write up on it a few days ago: http://www.theverge.com/2012/2/3/276...ne-theft-issue
MarkMS is offline   2 Reply With Quote
Old Feb 6, 2012, 04:13 PM   #22
rmhop81
macrumors 68020
 
Join Date: Apr 2005
Location: Dallas, Tx
would it work the same if they associated iMessage with an email address instead of phone number?
__________________
MBA|11.6"|128GB • iPad rMini|32GB|LTE • iPhone 6 Plus|64GB • Apple TV • Time Capsule
rmhop81 is offline   0 Reply With Quote
Old Feb 6, 2012, 04:14 PM   #23
TalonFlyer
macrumors member
 
Join Date: Apr 2009
Duh!

Quote:
Originally Posted by OrangeSVTguy View Post
If apple was able to "push" code, then they should have disabled the phone completely then. Then the stolen iPhone black market would seize to exist.
EXACTLY!

If my iPhone is stolen, I should be able to file a police report then forward that report to Apple along with a request to wipe, disable and lock the phone.

Another idea would be to only allow a reset of the phone with your Apple ID and password. If Apple products failed to work after being stolen, they would not be stoled.
TalonFlyer is offline   3 Reply With Quote
Old Feb 6, 2012, 04:15 PM   #24
ABernardoJr
macrumors 6502
 
Join Date: Dec 2006
Quote:
Originally Posted by JamesGorman View Post
How can you not toggle on and off iMessages on a stolen phone? its not like the phone knows it was stolen
Because the stolen phone isn't in your possession?
ABernardoJr is offline   12 Reply With Quote
Old Feb 6, 2012, 04:17 PM   #25
brookshanes
macrumors member
 
Join Date: Jul 2011
Location: Midwest
probably money compensation under the table

The person probably got monetary compensation in addition to the iPod. No doubt if it took 6 weeks to get the messages turned off this customer has more anger than what an iPod can quash.
brookshanes is offline   5 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected MacRumors MacRumors.com News Discussion 147 Apr 16, 2014 06:24 AM
Apple Details iOS User Interface That Compensates for Device Motion MacRumors MacRumors.com News Discussion 25 Jan 17, 2014 09:15 AM
Apple Releases OS X 10.8.4 with Safari 6.0.5, iMessage Bug Fix MacRumors MacRumors.com News Discussion 278 Jun 25, 2013 03:07 PM
Major privacy bug with Mountain Lion Facebook integration PatriotInvasion OS X 10.8 Mountain Lion 4 May 13, 2013 09:58 PM
Protecting Imessage privacy? senseless iOS 6 3 Oct 10, 2012 07:08 PM

Forum Jump

All times are GMT -5. The time now is 11:29 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC