Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
12-14-2011, 05:24 PM #1
Beware of iMessage On Stolen iDevices
iMessage is a messaging platform that is unique to iOS.
iMessage is a new feature that came out with iOS 5 that allows all iDevices to be connected via a text messaging network as long as your connected to an internet connection. With iMessage, all of your devices are linked under one Apple ID and that means that every device linked to that ID can see what's being sent to you if you're using iMessage. This of course, has some security risks on its own, but there's an even worse thing to be aware of. The good news is, it doesn't affect the iPhone's text messaging. This only affects iOS iMessage.
Using iCloud, you have the ability to remote wipe a stolen iDevice. This means that from a remote location, you can erase the data that's stored on the iDevice that was stolen. Unfortunately, that's all it does. It erases the data. It doesn't delete any settings or configurations and it doesn't remove your Apple ID. This means that your iMessage network continues to include your stolen iDevice. Do you see where I'm going with this now? Yes. A thief will be able to read every incoming and outgoing message that you send associated with the Apple ID of the stolen iMessage device. Pretty scary huh?
Ars Technica is the Web Site that found and reported on this issue and they asked iOS security expert, Jonathan Zdziarski, why this problem existed. Of course, Apple kept their mouth shut about it, but Jonathan Zdziarski had this to say:
Originally Posted by Jonathan Zdziarski
This problem is of course a massive bug in the way that Apple's iMessage system works. We hope that Apple will respond to Ars Technica's request and fix the issue in a new iOS release that will have a new way of keeping iDevices in touch with each other. One way that I see this as being a viable option is to add a setting cell under iMessage in the Settings application with a master password and having the option to manually add or remove iDevices from the list. This would of course require that before you could add or remove a device that you would have to prove you were the owner by knowing the master password and on top of that, you would have the ability to remove a stolen device until you retrieve it to keep your privacy a number one concern. I can't wait to see how Apple personally answers to this problem and I hope that they come up with a conservative solution for it.
What are your thoughts about thieves being able to read every incoming and outgoing iMessage sent on your stolen iDevice? Share your thoughts in the comments below – and keep it clean please.
Sources: Ars Technica
12-14-2011, 05:29 PM #2
Just log into appleid.apple.com and remove the phone number for that phone and enter a new one, change your password too. That'll stop all of this. It's not really a security risk more common sense. iMessage uses email addresses associated with the device id not the phone number do some quick changes to your appleid and you should be good to go.
Last edited by -JailbreakeR-; 12-14-2011 at 05:35 PM.
12-14-2011, 05:30 PM #3
Or they could just add your Apple ID to the remote wipe.
12-14-2011, 05:31 PM #4
12-14-2011, 05:33 PM #5
That was my first thought as well.
Of course, the remote wipe should be able to wipe all settings, including the Apple ID from the phone. As for tack my phone and such, it should still be able to use the IMEI number to find it, so no big deal there.
12-14-2011, 05:33 PM #6
12-14-2011, 05:41 PM #7
I would never remote wipe my iPod any way. I wouldn't expect it to be connected to the Internet if it was stolen.
12-14-2011, 05:44 PM #8
- Join Date
- Feb 2008
- Thanked 3 Times in 1 Post
The article mentions not being able to use the applications associated with your old apple id, but that's not true. I have my phone using a different apple id than my appstore apple id (so that my wife's iPad and my phone can share apps, but be able to iMessage eachother). You just simply sign into the app store with that old ID.
12-14-2011, 06:01 PM #9
So what happens if you change your ApplieID password after losing your phone?
12-14-2011, 06:07 PM #10
Actually, I've already had this happen to me, luckily it wasn't due to the phone being stolen. My friend's iPhone was running on a tethered jailbreak, and it ran out of battery, with no computers around at the moment (And on his birthday, no less). To help him out, I let him swap SIMs with my phone for a few minutes, so he could to take care of any messages with immediate importance. We swapped back, and the day proceeded as normal; however, the next day, I started noticing iMessage messages from an unknown number, and replies which appeared to be coming from my end. After some investigation, I found the cause: in the iMessage settings, I found both our numbers. The problem was easy to fix, though. All I had to do was toggle the iMessage settings off, then on again. Also worth noting: Facetime seems to suffer from this issue too, as I was receiving his calls. Definitely a big issue. Scary how if someone is given just a minute or two with your SIM card, they'll instantly possess the ability to intercept all your iMessages...
Last edited by Stealth1029; 12-15-2011 at 05:38 AM. Reason: Clarification.
12-14-2011, 06:09 PM #11
12-14-2011, 06:28 PM #12
Just changed the password and it will solve the problem.
12-14-2011, 06:48 PM #13
12-14-2011, 07:04 PM #14
Anybody know why iMessage either works on my iPad or my iPhone and not together on both like it was supposed to? Anybody else having this problem?
12-14-2011, 07:41 PM #15
And for the love of God, if you have a passcode on your device, then what are the likes that a thief would be able to get through it without restoring it anyways?
12-14-2011, 07:52 PM #16
12-14-2011, 08:05 PM #17
12-14-2011, 08:13 PM #18
12-14-2011, 08:39 PM #19
or the thief can login your account (he now has our imessage account) and change the password. thus he'll log you out.
12-14-2011, 08:40 PM #20
Mental note: do NOT lose your iPhone.@Metaserph
"You can only attain Peace through spreading Love to create Unity and earn the Respect of others" - Complex Simplicity