• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Beware of iMessage On Stolen iDevices
    by
    Anthony Bouchard
    Published on 12-14-2011 04:24 PM
    37 Comments Comments

    iMessage is a messaging platform that is unique to iOS.

    iMessage is a new feature that came out with iOS 5 that allows all iDevices to be connected via a text messaging network as long as your connected to an internet connection. With iMessage, all of your devices are linked under one Apple ID and that means that every device linked to that ID can see what's being sent to you if you're using iMessage. This of course, has some security risks on its own, but there's an even worse thing to be aware of. The good news is, it doesn't affect the iPhone's text messaging. This only affects iOS iMessage.

    Using iCloud, you have the ability to remote wipe a stolen iDevice. This means that from a remote location, you can erase the data that's stored on the iDevice that was stolen. Unfortunately, that's all it does. It erases the data. It doesn't delete any settings or configurations and it doesn't remove your Apple ID. This means that your iMessage network continues to include your stolen iDevice. Do you see where I'm going with this now? Yes. A thief will be able to read every incoming and outgoing message that you send associated with the Apple ID of the stolen iMessage device. Pretty scary huh?

    Ars Technica is the Web Site that found and reported on this issue and they asked iOS security expert, Jonathan Zdziarski, why this problem existed. Of course, Apple kept their mouth shut about it, but Jonathan Zdziarski had this to say:
    Quote Originally Posted by Jonathan Zdziarski
    I can only speculate, but I can see this being plausible. Message registers with the subscriber's phone number from the SIM, so let's say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple's servers with the UDID of the phone.
    The only viable solution to keeping your iMessages secretive to yourself after a stolen iDevice has been the case, is to make a brand new Apple ID and register your iDevice under that new Apple ID. This means that your iMessages will now be sent to the new Apple ID. This or course comes with some prerequisites, for example, you won't be able to use the applications that you installed on the old Apple ID; another being that anyone iMessaging your old Apple ID will continue to go to the thief until you let them know that you made a new Apple ID.

    This problem is of course a massive bug in the way that Apple's iMessage system works. We hope that Apple will respond to Ars Technica's request and fix the issue in a new iOS release that will have a new way of keeping iDevices in touch with each other. One way that I see this as being a viable option is to add a setting cell under iMessage in the Settings application with a master password and having the option to manually add or remove iDevices from the list. This would of course require that before you could add or remove a device that you would have to prove you were the owner by knowing the master password and on top of that, you would have the ability to remove a stolen device until you retrieve it to keep your privacy a number one concern. I can't wait to see how Apple personally answers to this problem and I hope that they come up with a conservative solution for it.

    What are your thoughts about thieves being able to read every incoming and outgoing iMessage sent on your stolen iDevice? Share your thoughts in the comments below – and keep it clean please.

    Sources: Ars Technica
    This article was originally published in forum thread: Beware of iMessage On Stolen iDevices started by Anthony Bouchard View original post
    Categories:
    1. iPhone,
    2. iOS,
    3. Apple,
    4. iPad,
    5. Software
    Comments 37 Comments
    1. -JailbreakeR-'s Avatar
      -JailbreakeR- - 12-14-2011, 04:29 PM
      Just log into appleid.apple.com and remove the phone number for that phone and enter a new one, change your password too. That'll stop all of this. It's not really a security risk more common sense. iMessage uses email addresses associated with the device id not the phone number do some quick changes to your appleid and you should be good to go.
    1. Zokunei's Avatar
      Zokunei - 12-14-2011, 04:30 PM
      Or they could just add your Apple ID to the remote wipe.
    1. Anthony Bouchard's Avatar
      Anthony Bouchard - 12-14-2011, 04:31 PM
      Quote Originally Posted by -JailbreakeR- View Post
      Just log into appleid.apple.com and remove the phone number for that phone and enter a new one, change your password too. That'll stop all of this. It's not really a security risk more common sense.
      iPod touches and iPads don't have phone numbers. They also use iMessage.
    1. cmwade77's Avatar
      cmwade77 - 12-14-2011, 04:33 PM
      That was my first thought as well.

      Of course, the remote wipe should be able to wipe all settings, including the Apple ID from the phone. As for tack my phone and such, it should still be able to use the IMEI number to find it, so no big deal there.
    1. -JailbreakeR-'s Avatar
      -JailbreakeR- - 12-14-2011, 04:33 PM
      Quote Originally Posted by Anthony Bouchard View Post
      iPod touches and iPads don't have phone numbers. They also use iMessage.
      Sorry hit send before I was done. I edited my original post. Like I said its the email and device id not the phone number. Changing the phone number will stop it on the iPhone end.
    1. teej1410's Avatar
      teej1410 - 12-14-2011, 04:41 PM
      I would never remote wipe my iPod any way. I wouldn't expect it to be connected to the Internet if it was stolen.
    1. diemer's Avatar
      diemer - 12-14-2011, 04:44 PM
      The article mentions not being able to use the applications associated with your old apple id, but that's not true. I have my phone using a different apple id than my appstore apple id (so that my wife's iPad and my phone can share apps, but be able to iMessage eachother). You just simply sign into the app store with that old ID.
    1. rickuk's Avatar
      rickuk - 12-14-2011, 05:01 PM
      So what happens if you change your ApplieID password after losing your phone?
    1. Stealth1029's Avatar
      Stealth1029 - 12-14-2011, 05:07 PM
      Actually, I've already had this happen to me, luckily it wasn't due to the phone being stolen. My friend's iPhone was running on a tethered jailbreak, and it ran out of battery, with no computers around at the moment (And on his birthday, no less). To help him out, I let him swap SIMs with my phone for a few minutes, so he could to take care of any messages with immediate importance. We swapped back, and the day proceeded as normal; however, the next day, I started noticing iMessage messages from an unknown number, and replies which appeared to be coming from my end. After some investigation, I found the cause: in the iMessage settings, I found both our numbers. The problem was easy to fix, though. All I had to do was toggle the iMessage settings off, then on again. Also worth noting: Facetime seems to suffer from this issue too, as I was receiving his calls. Definitely a big issue. Scary how if someone is given just a minute or two with your SIM card, they'll instantly possess the ability to intercept all your iMessages...
    1. mickspecial's Avatar
      mickspecial - 12-14-2011, 05:09 PM
      Quote Originally Posted by -JailbreakeR- View Post
      Just log into appleid.apple.com and remove the phone number for that phone and enter a new one, change your password too. That'll stop all of this. It's not really a security risk more common sense. iMessage uses email addresses associated with the device id not the phone number do some quick changes to your appleid and you should be good to go.
      Good idea, i put my sim in my mates phone to try some things and he was getting my messages, until i turned i message off. iOS 5 is rubbish. Hence returning to 4.3
    1. mexchorizo's Avatar
      mexchorizo - 12-14-2011, 05:28 PM
      Just changed the password and it will solve the problem.
    1. TylerC161's Avatar
      TylerC161 - 12-14-2011, 05:48 PM
      Quote Originally Posted by Stealth1029 View Post
      Actually, I've already had this happen to me, luckily it wasn't due to the phone being stolen. My friend's iPhone was running on a tethered jailbreak, and it ran out of battery, with no computers around at the moment (And on his birthday, no less). To help him out, I let him swap SIMs with my phone for a few minutes, so he could to take care of any messages with immediate importance. We swapped back, and the day proceeded as normal; however, the next day, I started noticing iMessage messages from an unknown number, and replies which appeared to be coming from my end. After some investigation, I found the cause: in the iMessage settings, I found both our numbers. The problem was easy to fix, though. All I had to do was toggle the iMessage settings off, then on again. Also worth noting: Facetime seems to suffer from this issue too, as I was receiving his calls. Definitely a big issue. Scary how if someone is given just a minute or two with your SIM card, they'll instantly possess the ability to intercept all your iMessages...
      Fixed*

      Sorry, I had to. Wouldnt want everyone getting the wrong idea.
    1. trevorrawson's Avatar
      trevorrawson - 12-14-2011, 06:04 PM
      Anybody know why iMessage either works on my iPad or my iPhone and not together on both like it was supposed to? Anybody else having this problem?
    1. blueblaze4444's Avatar
      blueblaze4444 - 12-14-2011, 06:41 PM
      And for the love of God, if you have a passcode on your device, then what are the likes that a thief would be able to get through it without restoring it anyways?
    1. excaliburlives's Avatar
      excaliburlives - 12-14-2011, 06:52 PM
      Quote Originally Posted by blueblaze4444 View Post
      And for the love of God, if you have a passcode on your device, then what are the likes that a thief would be able to get through it without restoring it anyways?
      I was thinking the same thing. If your device is locked then everything will be erased when they try to restore it.
    1. scroogelives's Avatar
      scroogelives - 12-14-2011, 07:05 PM
      Quote Originally Posted by trevorrawson View Post
      Anybody know why iMessage either works on my iPad or my iPhone and not together on both like it was supposed to? Anybody else having this problem?
      I have a issue where my iPhone 4 won't accept my girl friends iPhone 3GS or my mums iPhone 3GS as iMessage yet others like my boss is accepted makes no difference where any one is just seems to no work!
    1. A3gOwner's Avatar
      A3gOwner - 12-14-2011, 07:13 PM
      Quote Originally Posted by scroogelives View Post
      I have a issue where my iPhone 4 won't accept my girl friends iPhone 3GS or my mums iPhone 3GS as iMessage yet others like my boss is accepted makes no difference where any one is just seems to no work!
      Are they all on ios5 or higher?
    1. daytonaviolet's Avatar
      daytonaviolet - 12-14-2011, 07:39 PM
      or the thief can login your account (he now has our imessage account) and change the password. thus he'll log you out.
    1. metaserph's Avatar
      metaserph - 12-14-2011, 07:40 PM
      Mental note: do NOT lose your iPhone.
    1. Cer0's Avatar
      Cer0 - 12-14-2011, 07:46 PM
      Quote Originally Posted by daytonaviolet View Post
      or the thief can login your account (he now has our imessage account) and change the password. thus he'll log you out.
      He would get a popup to verify password so if he doesnt know the password to start he can't change it.
    Page 1 of 2 12 LastLast
  • We're now on Google+!