Security Concerns: MobileMe Find my iPhone

    Hey Everyone,

    I needed to ask your advice on something and hear if anyone else has seen/is seeing this issue.

    On February 20, 2011 I logged onto Find my iPhone via my iPod touch. Rather than seeing my own devices I saw another person's iPod touch rather than my 4 iOS devices. I logged on via Safari and then the same thing came up, the other person's iPod touches. Luckily they weren't connected to Wi-Fi or else I would be able to track those devices as well. I did however have the ability to change the passcode and wipe the devices via my MobileMe account.

    In about 10 minutes, the page refreshed on its own and my 4 iOS devices came back online and I was able to take care of my own business.

    I contacted MobileMe Support and they forwarded my case to MobileMe Senior Support who called me back in 3 days. They collected info, changed my password with a temporary one, forwarded it to MobileMe engineers and then lost touch with me for a week and a half. Finally, I got a response saying that they felt my account was compromised and therefore I was able to see someone else's devices. They didn't however answer the following questions:

    1. How was someone able to remove my devices and then put them back on again, while they were all in my possession?

    2. If my account were in fact compromised, how come I didn't notice anything else weird on any other part of MobileMe? Why didn't I ever see these devices before, when I looked at Find My iPhone a few hours ago?

    Apple said these questions are private and can only be addressed through Apple's Legal Channels. I contacted Apple's Legal Department on March 3, 2011 - I have yet to receive a response.

    On another note, I mentioned to MobileMe how my account was compromised back in July. I started to see approximately 200 Chinese contacts synced to my MobileMe account. MobileMe told me to change my password and remove the foreign data - that was it.

    MobileMe then asked me if I replaced any iPhones/iPods, etc. through AppleCare. I looked through my emails, and what do you know, I replaced an iPhone 4 w/ my MobileMe account on it on July 10, 2010. On July 30, 2010 - I see all these foreign Chinese contacts.

    Apple Customer Relations swore to me that it's impossible for the two things to be connected but I'm a little suspicious now.

    Please give me your thoughts and opinions on the matter and please let me know if you had any issues similar to this as well.

    At last, Apple told me that they wouldn't be able to provide any more info to me without a subpoena as the information beyond what they've already told me is a confidentiality matter.

    Wow. Sounds like pretty heavy stuff. Makes me wonder if it's the same thing as what happened here:

    If so, it sounds like Apple has a significant security bug in their system. And if they already know about it, all of that legal jargon they threw your way could be an attempt to keep it from going public and creating a PR storm. I remain skeptical for now, but I sure would be interested in knowing if anyone else has experienced this behavior...

    That's very interesting. I've never had an issue with MobileMe, but that's pretty serious.

    I completely agree, but so far they've been completely uncooperative. I'd consider taking this up with them legally but I'm not sure if it would even stand.