An iMessage bug lets thieves message from stole iPhone

One of the best things about iCloud is Find My iPhone features, which lets you find and remotely wipe your iPhone when it is stolen. But a new bug has been discovered which lets the thief use your account to send messages from the iMessage app:

Our attention was drawn to this story by Ars reader David Hovis, whose house was recently burglarized and his wife’s iPhone 4S was stolen. According to Hovis, his wife deactivated her iPhone with her carrier, remote wiped it, and immediately changed her Apple ID password—”we picked up a new iPhone the next day, figuring that our insurance would end up paying for it,” Hovis told Ars.

For most users, this would be the end of the story. The phone number had been transferred to a new device and the old one had been deactivated; what more is there to say? A lot, apparently, and in the form of iMessages. The thief who stole Mrs. Hovis’ iPhone had sold the device to an unsuspecting buyer elsewhere in the state, and the buyer had begun sending and receiving iMessages from the phone as Mrs. Hovis—even though the stolen phone had apparently now been activated under a new number.

MacRumors forum says that permanently deleting your Apple ID is the solution to this until Apple fixes this. A security expert has explained why it happens like this:

“I can only speculate, but I can see this being plausible,” Zdziarski told Ars. “iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.”

So, be careful.