Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

M33-1

macrumors 6502
Original poster
Jun 15, 2010
392
288
Can anyone else verify this?

Go to the Settings icon, choose the messages option, then turn iMessage off. Wait a few seconds and turn it back on. It will ask you to reenter your iTunes account password. Hit cancel and wait...it will say "waiting for activation" and will activate iMessage without a password. I changed my iTunes password and tried this again and it allowed me to send messages on my iPhone 4S using iMessage without a password.

This is a major security flaw if anyone else can verify. If someone found your phone and you reset your iTunes password, they could still text your friends also using iMessage without a password.
 

xorjo

macrumors member
Oct 19, 2011
60
10
Can anyone else verify this?

Go to the Settings icon, choose the messages option, then turn iMessage off. Wait a few seconds and turn it back on. It will ask you to reenter your iTunes account password. Hit cancel and wait...it will say "waiting for activation" and will activate iMessage without a password. I changed my iTunes password and tried this again and it allowed me to send messages on my iPhone 4S using iMessage without a password.

This is a major security flaw if anyone else can verify. If someone found your phone and you reset your iTunes password, they could still text your friends also using iMessage without a password.

it's worse than that.. go to iMessages, take out your apple id so that only your number is there.. take out the sim card, and you can still send and receive messages from the phone, even after turning off the phone, you can still send iMessages from your phone number with no sim card installed...
 

M33-1

macrumors 6502
Original poster
Jun 15, 2010
392
288
it's worse than that.. go to iMessages, take out your apple id so that only your number is there.. take out the sim card, and you can still send and receive messages from the phone, even after turning off the phone, you can still send iMessages from your phone number with no sim card installed...

Huge problem!!!!!

I wrote this because I sold my iPhone 4 and the buyer called me to tell me that my wife's iMessages are going to the phone he bought as well as my new iPhone 4s. Also, there is no sim in the phone. The buyer has not put a sim in it yet. Only connection is wifi.

Beware iPhone 4 sellers!!
 

marty131

macrumors newbie
Mar 18, 2009
7
0
Adelaide, Australia
Huge problem!!!!!

I wrote this because I sold my iPhone 4 and the buyer called me to tell me that my wife's iMessages are going to the phone he bought as well as my new iPhone 4s. Also, there is no sim in the phone. The buyer has not put a sim in it yet. Only connection is wifi.

Beware iPhone 4 sellers!!

M33-1, did you erase all content and settings from the phone before selling?

Obviously what you have mentioned seems like a security flaw, but I'm guessing an erase all content and settings would still stop this access.
 

M33-1

macrumors 6502
Original poster
Jun 15, 2010
392
288
M33-1, did you erase all content and settings from the phone before selling?

Obviously what you have mentioned seems like a security flaw, but I'm guessing an erase all content and settings would still stop this access.

That's exactly what I did. Erase all content and settings. My buyer just restored under iTunes and it stopped the double texts. Here is the problem...how many people will sell their phones like me by choosing erase all content and settings and not restoring under iTunes. Besides, Steve Jobs said that Ios5 can operate without a pc! I made the assumption that erasing in the phone is secure. Apple better address this if they want the IPhone purely pc free.
 

M33-1

macrumors 6502
Original poster
Jun 15, 2010
392
288
That's exactly what I did. Erase all content and settings. My buyer just restored under iTunes and it stopped the double texts. Here is the problem...how many people will sell their phones like me by choosing erase all content and settings and not restoring under iTunes. Besides, Steve Jobs said that Ios5 can operate without a pc! I made the assumption that erasing in the phone is secure. Apple better address this if they want the IPhone purely pc free.

Nevermind...still a big security flaw. My buyer just informed me that he received my texts between my wife and I even after a full restore and setup as new iPhone. The text was just delayed since my last post.

I'm on the phone with Apple waiting for a technical manager. They think they may have a really big security problem.....

I'll keep you informed.

p.s. - and yes, his account information is listed under Settings - Store, not my iTunes account information. It's somehow linking my old serial number with my iTunes account.
 

Pink∆Floyd

macrumors 68020
Nov 21, 2009
2,039
0
Up There
Nevermind...still a big security flaw. My buyer just informed me that he received my texts between my wife and I even after a full restore and setup as new iPhone. The text was just delayed since my last post.

I'm on the phone with Apple waiting for a technical manager. They think they may have a really big security problem.....

I'll keep you informed.

p.s. - and yes, his account information is listed under Settings - Store, not my iTunes account information. It's somehow linking my old serial number with my iTunes account.

Did you fully wipe your iPhone?
 

OCJeff

macrumors regular
Feb 14, 2010
118
14
I think this is because the apple device is associated to your iTunes account (registered). Is there a way to unregister the device? Or maybe only when it's registered to another account.

My wife's phone gets my iMessages just because it's on the same iTunes account.
 

dontwalkhand

macrumors 603
Jul 5, 2007
6,368
2,863
Phoenix, AZ
ALWAYS restore your iPhone prior to selling it, to prevent things like this from happening. A "Erase all content and settings" is not the same thing as a Factory Restore.
 

gtmac

macrumors 6502a
Jun 25, 2010
676
116
Man this is so f-ed up I sold my iPhone 4 with ios 5 on it and I just erased all settings and content I thought that was all we needed to do.
 

dave006

macrumors 68040
Jul 3, 2008
3,566
889
Just West of East
Can anyone else verify this?

....This is a major security flaw if anyone else can verify. If someone found your phone and you reset your iTunes password, they could still text your friends also using iMessage without a password.
Yep the original issue is valid. Password is not required if you just hit "Cancel".

Dave
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.