iMessage is a messaging platform that is unique to iOS.
iMessage is a new feature that came out with iOS 5 that allows all iDevices to be connected via a text messaging network as long as your connected to an internet connection. With iMessage, all of your devices are linked under one Apple ID and that means that every device linked to that ID can see what's being sent to you if you're using iMessage. This of course, has some security risks on its own, but there's an even worse thing to be aware of. The good news is, it doesn't affect the iPhone's text messaging. This only affects iOS iMessage.
Using iCloud, you have the ability to remote wipe a stolen iDevice. This means that from a remote location, you can erase the data that's stored on the iDevice that was stolen. Unfortunately, that's all it does. It erases the data. It doesn't delete any settings or configurations and it doesn't remove your Apple ID. This means that your iMessage network continues to include your stolen iDevice. Do you see where I'm going with this now? Yes. A thief will be able to read every incoming and outgoing message that you send associated with the Apple ID of the stolen iMessage device. Pretty scary huh?
Ars Technica is the Web Site that found and reported on this issue and they asked iOS security expert, Jonathan Zdziarski, why this problem existed. Of course, Apple kept their mouth shut about it, but Jonathan Zdziarski had this to say:
Originally Posted by Jonathan Zdziarski
This problem is of course a massive bug in the way that Apple's iMessage system works. We hope that Apple will respond to Ars Technica's request and fix the issue in a new iOS release that will have a new way of keeping iDevices in touch with each other. One way that I see this as being a viable option is to add a setting cell under iMessage in the Settings application with a master password and having the option to manually add or remove iDevices from the list. This would of course require that before you could add or remove a device that you would have to prove you were the owner by knowing the master password and on top of that, you would have the ability to remove a stolen device until you retrieve it to keep your privacy a number one concern. I can't wait to see how Apple personally answers to this problem and I hope that they come up with a conservative solution for it.
What are your thoughts about thieves being able to read every incoming and outgoing iMessage sent on your stolen iDevice? Share your thoughts in the comments below – and keep it clean please.
Sources: Ars Technica