iPhone iOS5 iMessages remote wipe privacy issue

Scrolling through some Apple Mac forum threads I couldn’t help but notice some issues people were having with iMessages (this is a new Apple service for iOS 5 which aims to compete with the ever popular Blackberry BBM service), when using the remove wipe service. This has been picked up by the media in the past few days, but I thought I’d add some thoughts to this.

Remote wiping is a useful security and privacy option (most mobile handsets have this function) if your mobile device is lost or stolen. Remote wipe* will completely wipe your handset (and in some instances provide a lock function) however it appears some iPhone4(S) and iPod Touch iOS 5 users whose phones/iPods have been lost/stolen activiate the remote wipe, but then find the new iPhone user can send and receive iMessages as the original owner (and using the original Apple ID – yikes!). This iMessages flaw also works if the lost/stolen device is provided with a new mobile number/SIM, which makes this rather interesting. So what might be going on here?

*Some mobile antivirus apps also offer a remote wipe function. You will need to check with the app developer to find out whether the remote wipe works with iMessages.

I suspect that Apple does indeed cache data as iMessages registers with the subscriber’s mobile number from the SIM card (mobile numbers are always stored on a SIM). The idea behind this setup is that if you recover your phone you can restore your phone to its original settings (including iMessages). The problem (only if you want to delete your iMessages :() appears to be that Apple is caching data and the mobile number on the hardware or in the cloud (i.e. servers) as well as it being stored on the SIM.

Note: iMessages can be used on any cell network for example 3G/GPRS and has WiFi capability

From what I gather there isn’t a fix right now for this iOS 5 ‘bug’. Several work arounds have been documented but none of them will retain your Apple ID purchases/history. Worth noting, you cannot turn off iMessages on a lost/stolen device (unlike BlackBerry). Let’s hope Apple fixes this iPhone/server-side bug with urgency.

Safe surfing folks!


This entry was posted in apple, privacy and tagged . Bookmark the permalink.

3 Responses to iPhone iOS5 iMessages remote wipe privacy issue

  1. Pingback: iPhone iOS5 iMessages remote wipe privacy issue | Events | IT Security Magazine - Hakin9 www.hakin9.org

  2. vincent says:

    Whatsapp seemed to have the same issue too.
    When my friend change phone, someone using my friend’s phone can still send message to me with a new SIM card.

    • Julian says:

      #Vincent# Thanks for the “Whatsapp” tip. Just checked your find out. NOTE to all my readers: Be aware this popular app is also experiencing the same ‘remote wipe privacy issue’ as iMessages.

Leave a Reply

Your email address will not be published. Required fields are marked *