iMessage Security Flaw???

Discussion in 'iPhone' started by M33-1, Oct 26, 2011.

  1. M33-1 macrumors regular

    Jun 15, 2010
    Can anyone else verify this?

    Go to the Settings icon, choose the messages option, then turn iMessage off. Wait a few seconds and turn it back on. It will ask you to reenter your iTunes account password. Hit cancel and will say "waiting for activation" and will activate iMessage without a password. I changed my iTunes password and tried this again and it allowed me to send messages on my iPhone 4S using iMessage without a password.

    This is a major security flaw if anyone else can verify. If someone found your phone and you reset your iTunes password, they could still text your friends also using iMessage without a password.
  2. verwon macrumors 68030


    Jul 26, 2011
  3. xorjo macrumors member

    Oct 19, 2011
    it's worse than that.. go to iMessages, take out your apple id so that only your number is there.. take out the sim card, and you can still send and receive messages from the phone, even after turning off the phone, you can still send iMessages from your phone number with no sim card installed...
  4. M33-1 thread starter macrumors regular

    Jun 15, 2010
    Huge problem!!!!!

    I wrote this because I sold my iPhone 4 and the buyer called me to tell me that my wife's iMessages are going to the phone he bought as well as my new iPhone 4s. Also, there is no sim in the phone. The buyer has not put a sim in it yet. Only connection is wifi.

    Beware iPhone 4 sellers!!
  5. marty131 macrumors newbie

    Mar 18, 2009
    Adelaide, Australia
    M33-1, did you erase all content and settings from the phone before selling?

    Obviously what you have mentioned seems like a security flaw, but I'm guessing an erase all content and settings would still stop this access.
  6. M33-1 thread starter macrumors regular

    Jun 15, 2010
    That's exactly what I did. Erase all content and settings. My buyer just restored under iTunes and it stopped the double texts. Here is the many people will sell their phones like me by choosing erase all content and settings and not restoring under iTunes. Besides, Steve Jobs said that Ios5 can operate without a pc! I made the assumption that erasing in the phone is secure. Apple better address this if they want the IPhone purely pc free.
  7. M33-1 thread starter macrumors regular

    Jun 15, 2010
    Nevermind...still a big security flaw. My buyer just informed me that he received my texts between my wife and I even after a full restore and setup as new iPhone. The text was just delayed since my last post.

    I'm on the phone with Apple waiting for a technical manager. They think they may have a really big security problem.....

    I'll keep you informed.

    p.s. - and yes, his account information is listed under Settings - Store, not my iTunes account information. It's somehow linking my old serial number with my iTunes account.
  8. Jordan921 macrumors 68040


    Jul 7, 2010
    Bay Area
    I sold my iPhone 4 to a friend and they aren't receiving any of my iMessages
  9. Pink∆Floyd macrumors 68020


    Nov 21, 2009
    Up There
    Did you fully wipe your iPhone?
  10. OCJeff macrumors regular

    Feb 14, 2010
    I think this is because the apple device is associated to your iTunes account (registered). Is there a way to unregister the device? Or maybe only when it's registered to another account.

    My wife's phone gets my iMessages just because it's on the same iTunes account.
  11. dontwalkhand macrumors 601


    Jul 5, 2007
    Phoenix, AZ
    ALWAYS restore your iPhone prior to selling it, to prevent things like this from happening. A "Erase all content and settings" is not the same thing as a Factory Restore.
  12. gtmac macrumors 6502a

    Jun 25, 2010
    Man this is so f-ed up I sold my iPhone 4 with ios 5 on it and I just erased all settings and content I thought that was all we needed to do.
  13. M33-1 thread starter macrumors regular

    Jun 15, 2010
    I did. Did you try my request above regarding iMessage?
  14. gtmac macrumors 6502a

    Jun 25, 2010
  15. dave006 Contributor


    Jul 3, 2008
    Just West of East
    Yep the original issue is valid. Password is not required if you just hit "Cancel".

  16. dave420 macrumors 65816

    Jun 15, 2010

Share This Page