Apple Compensates Victim of iMessage Bug for Breach of Privacy

[phillipjfry]

Quote:

Originally Posted by JAT

So you annoy her for another week and then get arrested. Great plan.

I didn't say it was a GREAT idea. Just saying that Apple would tread lightly when it comes to one-off injecting code into phones. That was all.

[longofest]

Quote:

Originally Posted by C00rDiNaT0r

It's a slippery slope though, what if I sold my iPhone on craigslist, then file that police report?

that's called a submitting a false claim, which can be a felony offense.

When things disappear from craigslist, it isn't actually "gone"... there are things called backups for exactly this reason.

[ghostface147]

I would've asked to get a new free unlocked 64 gig iPhone 4S this year and get a new unlocked iPhone for the rest of my life at launch at the current upgrade pricing of whichever carrier I choose to use. I pay that of course. Limit one per year. ETF rates apply.

If they say no, I'll take them to Judge Judy. Arrogance vs arrogance. lol

[SBacklin]

Quote:

Originally Posted by jlgolson

I edited slightly to clarify that it was only the advice to tell her friends to stop sending her messages that she found unreasonable.

Changing her password was reasonable, but ineffective.

I am interested in knowing how changing the password was ineffective. I changed my Apple ID password and almost immediately, my iPhone popped up messages from iMessage, FaceTime, iCloud that it needed a password to continue. If the device (specifically iMessage) is saying it needs the password to continue, then how would any future messages still be delivered to said device? I'm confused. I'm wondering if she just didn't say it didn't work to force more out of Apple. If what she says is actually true then Apple has a serious problem on its hands...as many people have sold devices (myself among them) and forgot to take out de-activated SIM, the device was wiped prior...but. This whole situation is very interesting.

[C00rDiNaT0r]

Quote:

Originally Posted by longofest

that's called a submitting a false claim, which can be a felony offense.

When things disappear from craigslist, it isn't actually "gone"... there are things called backups for exactly this reason.

Sure craigslist may have a backup of the original listing, but the proof of sale/purchase may not always reside on craigslist. There are always smarter people who know how to minimize the chances of getting caught, and people who just "don't know any better"...

That being said, I'm not encouraging anyone to engage in any illegal activities. My original point in that post was, the proposed solution - having Apple build a mechanism to remote-wipe/brick any iPhone - can potentially introduce new problems.

[alphaod]

This does look like a major issue. I hope they make this "unique" engineering code accessible to all users who wish to perform a remote wipe on a device.

[petsounds]

Funny how Apple barred third-party iOS developers from tying their app user accounts to a device's UDID, and yet Apple is doing exactly that! This software design decision really needs to be rethought. At least give users a way to trigger this "nuke it from orbit" code that Apple engineering developed.

[eimac75tl]

so who do I call to make it stop??

my son's brand new iPhone 4s was stolen at school.... a long story on school policy and honor codes is in order, but right now his friend's texts, as well as those from my wife and me, are all going to his stolen phone... the thief even replied to one before he realized it was my son's via imessage... right now neither my wife nor I can text my son....

ten hours at the AT&T store as well as at the Apple "genius" bar has not stopped it....

any help much appreciated!

Peace,
Me

[Furrybeagle]

Quote:

Originally Posted by pwhitehead

The thing that really scares me is that apple proves that they have the ability to breach security and gain remote access; as long as the device has a internet connect? Its great that this lady got help and id expect the same thing, but think about apple being able to remotely connect to ur handheld devices and make something happen. Scary...

This thought occurred to me as well. However, I think it’s far more likely that they pushed code to their own systems to drop the association between K’s iMessage account and the UDID of the stolen iPhone. That, or their push system has a mechanism to reset that association. (At least I would to hope so.)

Anyone who’s more knowledgable about this want to comment?

EDIT: Update to the article: “How Apple was able to accomplish ‘pushing code’ to the device, which was unable to be located on Find My iPhone is unclear, perhaps it was handled on its own iMessage servers, rather than the device itself. This seems to be the likeliest scenario.”

Quote:

Originally Posted by SBacklin

I am interested in knowing how changing the password was ineffective. I changed my Apple ID password and almost immediately, my iPhone popped up messages from iMessage, FaceTime, iCloud that it needed a password to continue. If the device (specifically iMessage) is saying it needs the password to continue, then how would any future messages still be delivered to said device? I'm confused. I'm wondering if she just didn't say it didn't work to force more out of Apple. If what she says is actually true then Apple has a serious problem on its hands...as many people have sold devices (myself among them) and forgot to take out de-activated SIM, the device was wiped prior...but. This whole situation is very interesting.

I don’t think she’s “just saying it,” since the issue has been documented in multiple cases. That’s interesting that your phone popped up those requests. It makes me think that the stolen iPhone is having messages pushed to it, without actually knowing the Apple ID they’re associated with. (Think of it like mail intended for you is showing up at your old address, but without your name on it.)

Again, someone with a better understanding of iMessage care to set me straight?

EDIT: If K receives iMessages at her phone number, and her phone number is associated with her old iPhone’s UDID, then maybe it doesn’t need the Apple ID password (since it’s sending via the phone number, not the email address).

[praetorian909]

"We're prepared to offer you free coffee and..."
--"I"LL TAKE IT!"

[aristotle]

Apple should have pushed out code to the stolen phone causing it to self-destruct causing battery fire.

[JamesGorman]

Quote:

Originally Posted by jowie

It should ask you to reconnect with an Apple ID and password if it detects a SIM card is replaced, removed or deactivated. Although it's true that if an iPod touch is stolen, the only solution is to remote wipe anyway.

Could you not just restore it anyway?

----------

Quote:

Originally Posted by ABernardoJr

Because the stolen phone isn't in your possession?

Wow, I totally thought it was meant as the thief could not toggle it on or off. Totally went over my head.

[macsrcool1234]

Quote:

Originally Posted by goobot

I'm not siding with apple here, but she didn't want to use find my iPhones wipe feature? That seems like that is completely on her. Also see couldn't have just changed her password, and then change it back either? It seems she wasn't that cooperative if I'm reading this correctly.

If you had bothered to read the article then you would know that does not fix the problem...

Quote:

Originally Posted by Blorzoga

I'm sick and tired of all these crybabies blaming others for their mistakes. Customer K lost her phone...boo hoo. Deal with it. Call your friends. Tell them you lost your phone and that you aren't receiving their messages. Get a new phone. Don't always try to make someone else responsible for your mistakes. Apple didn't lose your phone...you did. Compensation from Apple? You must be joking.

I had to read this twice to make sure you actually posted it. The problem isn't she lost her phone...its that messages continue to get sent to it. Learn to read.

[ladeer]

Quote:

Originally Posted by acfusion29

okay i think i understand.

it would have been easier to just make iMessage a separate app imo. i had to turn off "send as SMS" because i send iM's to people in another country and if send as SMS is enabled, then i'll be charged $0.75 when the person is not available and it automatically sends as a text.

IMO, Apple really didn't think this one through.

It's not Apple if they make two diff apps for iMessage. Also, the switch of conversations between the two wouldn't be seamless. The switch between the two apps will also suck.

[vrDrew]

Quote:

Originally Posted by eimac75tl

so who do I call to make it stop??

my son's brand new iPhone 4s was stolen at school.... a long story on school policy and honor codes is in order, but right now his friend's texts, as well as those from my wife and me, are all going to his stolen phone... the thief even replied to one before he realized it was my son's via imessage...

Have you tried simply NOT sending text messages to a phone you and your wife know is stolen? Or is that too simple of an answer?

[AppVue]

Is this the new way to spy on your GF's texts?

[Mac2012]

I look at it this way... YOU'RE BURNT!
Oh, when someone robs me and takes my cash I'll go after the Federal Reserve he he... lady, watch your stuff man! Everyone wants something for nothing... been like that since the beginning of time! She could have wiped it, over and done but she had to make a scene like the 0.01% out there that do over their own stupidity... she probably lost her kid a few times too![COLOR="#808080"]

[sparkie1984]

Quote:

Originally Posted by eimac75tl

so who do I call to make it stop??

my son's brand new iPhone 4s was stolen at school.... a long story on school policy and honor codes is in order, but right now his friend's texts, as well as those from my wife and me, are all going to his stolen phone... the thief even replied to one before he realized it was my son's via imessage... right now neither my wife nor I can text my son....

ten hours at the AT&T store as well as at the Apple "genius" bar has not stopped it....

any help much appreciated!

Peace,
Me

I would send email to CEO as their the only one with the power to sort this out

[mores]

There are two issues with this case.
First: the iMessage bug. This definately needs to be sorted out, and if Apple is unwilling to comment, the lady has every right to keep pushing, point a finger and cry "Bad Apple!".

Then there's the financial compensation that most of you here keep supporting. The Holyness of your privacy, and how dare anyone else read your texts.
If you were so concerned about privacy you wouldn't yak on the phone, in public, every chance you get. I know nearly everything of the people around me. What they had for breakfast, when they need to pick up their kid, what sex positions they tried out last night and what an ******* their boss is. I can listen in to phone calls thanks to cranked up hands-free sets in cars. I can even read texts, emails and websites that the people around me read, so how is it that now, all of a sudden, your privacy is so important you expect a company that provides you with a FREE service (as opposed to SMS) to pay for something you do voluntarily all the time?

I think the free iPod Touch is a nice gesture that should be appreciated, not dismissed.

[chrimux]

Quote:

Originally Posted by Kilamite

Should have compensated her with a new iPhone instead of iPod touch. Or if she had already bought a new one, refunded what she paid with an Apple Gift Card.

"Here's an iPod touch so you can receive iMessages again, but don't lose it! We don't want to go through all this again!"

Shouldn't have compensated her with another device she wouldn't take care of. If sb wanted to steal my iPhone they would have to kill me first.

[imacdaddy]

Quote:

Originally Posted by ski1ski1

Because unlike regular txt messages, iMessage is linked to the UDID of your phone, not not sim card. This is how it works even via wifi. The phone number or iTunes email address is used as an ID to send/receive iMessages. But there is a major design flaw. Apple uses to the sim card to verify the phone number for iMessage. But it only verifies the sim card upon initial iMessage activation. If the sim card is removed, deactivated, or replaced with a different sim, the Apple servers will still send iMessages to the phone via wifi. Or cellular data, if it has another valid sim card. Even one with a different number. This is because the iMessage phone number is linked on Apple's servers to the UDID of the phone, not the sim. This link on Apple's servers will remain until iMessage is manually deactivated in the phone's settings. Which is impossible if you lose your phone, or already sold it. Apple has known about this design flaw for over two months. I don't understand why Apple still has not fixed this major privacy issue.

So what's the difference with this and Blackberry's IMEI and PIN? BB Messenger acts the same way. I handed down my BB to a new colleague and he continued receiving my BBM messages.

No knocking you in any way. Just generally asking.

[satcomer]

Quote:

Originally Posted by SBacklin

I am interested in knowing how changing the password was ineffective. I changed my Apple ID password and almost immediately, my iPhone popped up messages from iMessage, FaceTime, iCloud that it needed a password to continue. If the device (specifically iMessage) is saying it needs the password to continue, then how would any future messages still be delivered to said device? I'm confused. I'm wondering if she just didn't say it didn't work to force more out of Apple. If what she says is actually true then Apple has a serious problem on its hands...as many people have sold devices (myself among them) and forgot to take out de-activated SIM, the device was wiped prior...but. This whole situation is very interesting.

I had the same situation. Those this whole story comes into question and the iPod touch gift smacks of funny for some reason, I now understand it.

[Oletros]

Quote:

Originally Posted by vrDrew

Or is that too simple of an answer?

Perhaps is too difficult to understand to they are not sending nothing to his phone

[ski1ski1]

Quote:

Originally Posted by vrDrew

Have you tried simply NOT sending text messages to a phone you and your wife know is stolen? Or is that too simple of an answer?

So, you suggest because of Apple's bug, he should now get a new number ?

----------

Quote:

Originally Posted by SBacklin

I am interested in knowing how changing the password was ineffective. I changed my Apple ID password and almost immediately, my iPhone popped up messages from iMessage, FaceTime, iCloud that it needed a password to continue. If the device (specifically iMessage) is saying it needs the password to continue, then how would any future messages still be delivered to said device? I'm confused. I'm wondering if she just didn't say it didn't work to force more out of Apple. If what she says is actually true then Apple has a serious problem on its hands...as many people have sold devices (myself among them) and forgot to take out de-activated SIM, the device was wiped prior...but. This whole situation is very interesting.

There are two id's associated with your phone on Apple's servers. You can send/receive iMessages & Facetime by either using the phone number as an ID, or the Apple ID. When you change the Apple ID password, you are only removing the link for your Apple ID to your phone. The Apple ID is mainly used for iMessages & Facetime to/from devices with no phone number such as iPads & iTouch. The link to you phone still remains for your phone number on Apple's server. That's how anyone with an iPhone can iMessage you by only knowing your phone number, not your Apple ID.

[CobraPA]

Quote:

Originally Posted by MarkMS

Yes, I believe that is the way to stop this from happening if you sell the iPhone. The problem becomes more muddied when the iPhone is stolen. Then you can't physically turn off iMessages or remove the SIM. To prevent iMessage from popping up on a stolen iPhone, you need to remote wipe that phone and call AT&T to deactivate the SIM. Not sure how this works (or is a problem) with Verizon/Sprint, but I assume you call them to disable the ESN.

The Verge had a good write up on it a few days ago: http://www.theverge.com/2012/2/3/276...ne-theft-issue

The MacRumors article seems kind of misleading about how to fix the problem. They aren't suggesting you toggle IMessage on and off on the stolen device, but on another device you have in your possession. When you toggle it, it prompts you for your apple password again and links iMessage to the device you just toggled. This prevents future messages from going to the stolen device, sending them instead to the device you just linked.