iMessage Security Flaw???

Discussion in 'iPhone' started by M33-1, Oct 26, 2011.

  1. M33-1 macrumors member

    Joined:
    Jun 15, 2010
    #1
    Can anyone else verify this?

    Go to the Settings icon, choose the messages option, then turn iMessage off. Wait a few seconds and turn it back on. It will ask you to reenter your iTunes account password. Hit cancel and wait...it will say "waiting for activation" and will activate iMessage without a password. I changed my iTunes password and tried this again and it allowed me to send messages on my iPhone 4S using iMessage without a password.

    This is a major security flaw if anyone else can verify. If someone found your phone and you reset your iTunes password, they could still text your friends also using iMessage without a password.
     
  2. verwon macrumors 68030

    verwon

    Joined:
    Jul 26, 2011
    Location:
    Seattle
  3. xorjo macrumors member

    Joined:
    Oct 19, 2011
    #3
    it's worse than that.. go to iMessages, take out your apple id so that only your number is there.. take out the sim card, and you can still send and receive messages from the phone, even after turning off the phone, you can still send iMessages from your phone number with no sim card installed...
     
  4. M33-1 thread starter macrumors member

    Joined:
    Jun 15, 2010
    #4
    Huge problem!!!!!

    I wrote this because I sold my iPhone 4 and the buyer called me to tell me that my wife's iMessages are going to the phone he bought as well as my new iPhone 4s. Also, there is no sim in the phone. The buyer has not put a sim in it yet. Only connection is wifi.

    Beware iPhone 4 sellers!!
     
  5. marty131 macrumors newbie

    Joined:
    Mar 18, 2009
    Location:
    Adelaide, Australia
    #5
    M33-1, did you erase all content and settings from the phone before selling?

    Obviously what you have mentioned seems like a security flaw, but I'm guessing an erase all content and settings would still stop this access.
     
  6. M33-1 thread starter macrumors member

    Joined:
    Jun 15, 2010
    #6
    That's exactly what I did. Erase all content and settings. My buyer just restored under iTunes and it stopped the double texts. Here is the problem...how many people will sell their phones like me by choosing erase all content and settings and not restoring under iTunes. Besides, Steve Jobs said that Ios5 can operate without a pc! I made the assumption that erasing in the phone is secure. Apple better address this if they want the IPhone purely pc free.
     
  7. M33-1 thread starter macrumors member

    Joined:
    Jun 15, 2010
    #7
    Nevermind...still a big security flaw. My buyer just informed me that he received my texts between my wife and I even after a full restore and setup as new iPhone. The text was just delayed since my last post.

    I'm on the phone with Apple waiting for a technical manager. They think they may have a really big security problem.....

    I'll keep you informed.

    p.s. - and yes, his account information is listed under Settings - Store, not my iTunes account information. It's somehow linking my old serial number with my iTunes account.
     
  8. Jordan921 macrumors 68040

    Jordan921

    Joined:
    Jul 7, 2010
    Location:
    Bay Area
    #8
    I sold my iPhone 4 to a friend and they aren't receiving any of my iMessages
     
  9. Pink∆Floyd macrumors 68020

    Pink∆Floyd

    Joined:
    Nov 21, 2009
    Location:
    Up There
    #9
    Did you fully wipe your iPhone?
     
  10. OCJeff macrumors regular

    Joined:
    Feb 14, 2010
    #10
    I think this is because the apple device is associated to your iTunes account (registered). Is there a way to unregister the device? Or maybe only when it's registered to another account.

    My wife's phone gets my iMessages just because it's on the same iTunes account.
     
  11. dontwalkhand macrumors 601

    dontwalkhand

    Joined:
    Jul 5, 2007
    Location:
    Phoenix, AZ
    #11
    ALWAYS restore your iPhone prior to selling it, to prevent things like this from happening. A "Erase all content and settings" is not the same thing as a Factory Restore.
     
  12. gtmac macrumors 6502a

    Joined:
    Jun 25, 2010
    #12
    Man this is so f-ed up I sold my iPhone 4 with ios 5 on it and I just erased all settings and content I thought that was all we needed to do.
     
  13. M33-1 thread starter macrumors member

    Joined:
    Jun 15, 2010
    #13
    I did. Did you try my request above regarding iMessage?
     
  14. gtmac macrumors 6502a

    Joined:
    Jun 25, 2010
  15. dave006 macrumors 68030

    dave006

    Joined:
    Jul 3, 2008
    Location:
    Just West of East
    #15
    Yep the original issue is valid. Password is not required if you just hit "Cancel".

    Dave
     
  16. dave420 macrumors 65816

    Joined:
    Jun 15, 2010
    #16

Share This Page