
iMessages aren't secure when you lose your iOS device

When iOS 5 was released alongside the iPhone 4S earlier this fall, iMessage was introduced as a new, all-encompassing messaging service that would connect all iOS device users for free using their unique Apple IDs. iMessage, however, may have a critical flaw when it comes to securely revoking access if you lose your device.

Joe Aimonetti MacFixIt Editor
Joe is a seasoned Mac veteran with years of experience on the platform. He reports on Macs, iPods, iPhones and anything else Apple sells. He even has worked in Apple retail stores. He's also a creative professional who knows how to use a Mac to get the job done.


Since Apple released the Find My iPhone app, users cruising out and about have had a backup plan to keep their minds at ease should they accidentally leave their iPhone at a bar or come across the misfortune of being robbed.

Find My iPhone allows you to remote-wipe your iPhone, leaving no trace of your information, should you not be able to recover it. That should be enough to keep users safe, but readers of Ars Technica have reported that despite deactivating their phone with their carrier, remote wiping their iPhone 4S, and changing their Apple ID password after the device was stolen from their home, iMessages from a new user were still being sent and received as the original owner.

According to iOS security expert Jonathan Zdziarski, "iMessage registers with the subscriber's phone number from the SIM, so let's say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple's servers with the UDID of the phone."

This is not good news. Apparently the "best" solution is to completely cancel your original Apple ID and register your new iPhone with a completely new user name and password. Of course, by canceling your Apple ID you will lose access to any past purchases you've made on the iTunes Music Store or the App Store.

Ouch. This seems like it could be a bigger deal than was first thought. Is there really no way to securely revoke access to iMessages if your iPhone is lost or stolen?

Unfortunately, for now, that is the case. Keep in mind that the majority of your information, like your contacts, e-mail accounts, and content, will still be erased forever when using the remote wipe feature of Find My iPhone. From a security standpoint those are the most important pieces of information to keep secure, but certainly Apple needs to get this iMessage debacle figured out.

What should the blogosphere call this situation? iMessageGate?

Luckily I have not had to use the remote wipe feature after losing my iPhone, but if anyone has experienced their iMessages being sent to their old iPhone after remote wiping it and getting a new phone, let me know in the comments.