Feeds

back to article Stolen, remote-wiped iPhones still get owner's iMessages

Victims of iPhone theft have discovered that remotely wiping the nicked kit won't stop iMessage content being delivered to the thief, who can continue to respond under the owner's name. The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data …

COMMENTS

This topic is closed for new posts.
FAIL

Major #FAIL

fix now....nuff said

0
0

Shouldn't a stolen phone...

...be remotely made into a brick? Or turned into a tracker to recover the device?

If people get stung handling stolen goods, isn't it their own fault?

3
0
Silver badge

Re: ",,,own fault?"

Probably, but not necessarily. If the perp KNOWS he got stolen stuff because he bought it from a fence or a super-great deal, yes. But I can imagine a retailer receiving stolen kit and selling it as new to boost his profit margins. In that case, no. But if that's the case I would also expect him to immediately go to the police with his sales receipt, turn over the kit, and request an investigation of the retailer.

0
0

Leery?

What does that mean? He leered at people?

0
0
Bronze badge

@Big-nosed

Are you wary of sticking yer nose in?

Ain't you suspicious?

0
0
FAIL

iMessage experiences when roaming

Me and the missus both use an iPhone, after recent experiences we both turned iMessage off. I was abroad, she was texting me but I never received anything since I forgot to tun on roaming data on my iPhone. And unlike "basic" texting, she never got an "unable to deliver" message, and I never got the texts she sent once roaming data was enabled. So we're happy to pay for our messages, since we're sure they'll (eventually) get where they are supposed to be.

After reading these reports I can only conclude that iMessage should be turned off by default. Nice to have, but pretty useless if you want to have a reasonable chance that your message gets there.

0
0
Anonymous Coward

Fail to understand that

I send messages to UK from abroad (where I live) almost daily, to iphone users from my iphone. Sometimes one of them and sometimes not is using data roaming, rather unpredictably and sometimes I am and sometimes not. In my limited experience, we have not lost any messages yet.

0
0

@Mosquito iMessage is indeed turned off by default. This is a bit daft, but no doubt will be addressed in a future update. Hardly anything to worry about.

If an iMessage cannot be delivered it usually is then sent by SMS or the sender is given a choice.

0
0

I thought stolen phones had their IMEI's blacklisted?

So what would be the point of buying a stolen iPhone? To use as an iPod?

I which case, surely the buyer rumbled something was up.

0
0
FAIL

Wiped?

Not much of a "wiping", now, is it? If the phone still functions AT ALL after being "wiped", then it wasn't "wiped". When I "wipe" a hard drive, I overwrite every disk cluster with 0s about 7 times. Now THAT's a "wipe". Anything less and data is recoverable ... ergo, the device has not been "wiped".

But maybe that's too simple for Apple to understand? Maybe they're still working to improve on the concept, and then patenting it, before integrating their innovative new "wiping" idea into iOS8?

5
2
Silver badge
Facepalm

b-b-b-but....

We deleted the first letter of the file in the directory listing!

2
0
Facepalm

Remote wiping of a smartphone means removing all personal data from it, or restoring to factory status. I guess the problem here is that iMessages are delivered (like BBM) using Apple's infrastructure, which is still using something persistent like the IEMI to address the phone.

0
0
FAIL

Oh dear, do you really think filling your disk with zeros seven times constitutes a wipe?

Epic fail sir, all you data is mine.

2
1

Read the EULA

for any i message, droid message, win message, raspberry message software and service, it is basically what is mine is mine, what is yours is mine and what is everyone else's is mine and if I leak it it is your fault and if I choose to give it away you have just agreed to that.

So what issue would a provider have with not wiping or allowing messages to continue being delivered? No skin off their nose and its your fault for not wiping your missing phone properly.

0
0
Silver badge
Facepalm

Not quite the same, though.

RIM actually blocks a stolen BlackBerry's PIN so it can't be used by thieves. Using your new Blackberry and restoring your last backup file from your nicked BB will result in all your contactlist receiving and updating their contactlist to have your new PIN.... and this is done automagically. Same thing when you switch Blackberries.

The fact that the iPhone isn't doing this shows that security isn't really Apple's concern. EPIC FAIL on Apple's part!

0
0
Anonymous Coward

Sat there looking at me, hissing gently

David *Hovis*? Some relation to Frank Hovis I hope...

0
0

LOL

Now that is an old school reference if ever I saw one. Like a cobra ready to strike.

0
0
Gold badge
Unhappy

"The flaw was spotted by one David Hovis....."

I only managed to read that far, after that everything was drowned out by Dvořák's Symphony No. 9.........

1
0
Anonymous Coward

More useful

It would be handy to take a photo of the person using the phone using the forward facing camera and send it back to a 'secure' location. Assuming this can be done without breaching a crims human rights...

0
0
Silver badge

Epic fail

in 99% of the time, you'll snap the innocent patsy who *bought* the stolen phone.

0
0
Anonymous Coward

Unboxed, without accessories and out the back of some dodgy motor should count as 'in bad faith' as far as stolen goods are concerned.

0
0
Happy

Feature now flaw

I would have thought being able to bombard the recipient of a stolen phone with guilt inducing messages, a feature rather than a flaw.

0
0

I know of at least one case where this has worked with a stolen blackberry, identifying the buyer and the thief in the process.

1
0
Anonymous Coward

/me has ideas for (on a rooted phone at least) nuking the flash containing the firmware so a wiped phone can only be restored with a JTAG probe at the factory. Bonus points for overwriting sectors so many times they wear out.

0
0
Anonymous Coward

@SnotNice

Please do elaborate how you think you could get data from a modern disk that had been overwritten once, let alone seven times?

3
0
Silver badge
Unhappy

I came across an interesting iMessage bug

Turns out that iMessage uses the stored number in the My Number section in the Phone settings - which is not necessarily the same number the Network is using.

This number is picked up when a new sim is inserted. However if as I did you insert the Sim before the number porting is finished it uses the original sim number and not your ported one.

1
0
Silver badge

Wait a minute

The phone was reported a stolen and deactivated, yet it could still connect to the network and send/receive messages ?

What's the use of deactivating the bloody thing then ?

I thought that, when you report your phone as stolen, the phone network operators would refuse connections from that phone. That should mean that, even if the phone is not wiped, it is nothing more than a shiny brick with a screen.

If that is not the case, then what deterrent is there to make the thief's activity useless ?

1
0
Anonymous Coward

Can't be that simple

If that were true then there would be NO market in stolen phones would there?

I think the numerous dodgy independent shops that offer to change IMEI, jailbreak, and generally hack open, mobiles may play some part here...

0
0
Gold badge

As iMessage is quite a privacy risk I don't use it..

Like WhatsApp, iMessage in principle gives the US free access to the SMS traffic that otherwise remains in a country as it all has to happen over servers in the US.

However, I *have* experimented with it, so it probably would be A Good Thing(tm) if Apple could tidy this up. While they are at it, they could also drop the requirement to enable location data disclosure to Apple before you're entitled to use the remote wipe process of iCloud - there is no need for it.

AFAIK, coercion to obtain non.essential private data is actually illegal under EU privacy laws

1
0
Silver badge
FAIL

WhatsApp!

I consider it a security risk as well, because WhatsApp requires you to exchange mobile numbers. I don't like to dole away my mobile number to the world+dog; MSN and BBM PINs sure, I can block annoying people if I need to and they would still be ignorant of my actual phone number.

Oh, and by the way WhatsApp is buggy on non-US numbers. It suffers from artificial stupidity, it tacks on a leading 1 on our phones! so instead of, say

+525555545352

WhatsApp stores the ID as

+5215555545352

Sheesh.

0
0
Coat

Been said before

The provider only blocks the imei in the country of purchase, not worldwide...hence the majority of stolen phones end up in countries of the 419 region.

Also, if you bought it from Apple, why would the provider bother blocking the imei? no loss to them, maybe even a new customer to boot!

0
0
This topic is closed for new posts.