A Stolen iPhone Plus iMessage Could Spell Privacy Trouble for Your Firm


A few months ago, Apple introduced iMessage, a nifty iOS 5 feature that allows you to send unlimited messages via WiFi or 3G from your iPad, iPhone, and iPod touch to anyone else who has one of those devices. Not only does iMessage allow you to save on data plans, it also allows you to track delivery and receipt of messages, create and read messages on multiple devices, and “enjoy secure encryption for text messages.”


Now imagine this: You accidentally leave your shiny iPhone sitting on a table in a coffee shop one day. When you head back to said coffee shop to retrieve your phone, it has already been swiped. Instead of freaking out, you take all of the right steps to protect your privacy and your clients’ privacy by disabling the stolen SIM inside your phone, remotely wiping data saved to your phone, changing your Apple ID password and registering a new device as the iMessage recipient. Security risk averted, right?

Wrong.

Now, a third party has your old iPhone, and your friends’ and perhaps clients’ iMessages are still going through to your old phone and its new owner. Some stories have reported that this glitch is solely tied to the SIM card. In other words, the only way two phones would receive the same iMessages is if you removed the SIM card from a phone and put it in another phone, for example if you trade in a phone or if someone stole your SIM card and put it in a new phone. If this were the case, it would be simple to prevent this iMessage problem barring a few extremely unlikely circumstances. Unfortunately, recent events show that this isn’t the case.

On February 6, the NextWeb shared a different story. An Apple customer had her phone stolen in November last year. The next morning, she called her phone service provider and had the SIM card deactivated. Then, she contacted Apple, who walked her through the steps to reset her Apple ID password and insert a new SIM into another Apple device. Apple also told her to contact every single one of her contacts and tell them to stop sending her iMessages. After following all of these steps, iMessages were still going through to her stolen device until Apple finally agreed to “push code” into the stolen device to make it stop receiving her iMessages.

So far, Apple has insisted that this is not a bug or a flaw, and they have two simple suggestions on how to deal with stolen iPhones and iMessage:

(1) Just toggle iMessage off in the settings on the device. Oh wait, your device was stolen, and you can’t access the iMessage settings remotely; so…

(2) Just delete your Apple ID and set up a new account. What about all that music and all of those movies you downloaded on iTunes over the years? Time to say goodbye if you ever plan to download those purchases to a new device.

There is also the third option: Pester Apple support until they remotely disable iMessages from the stolen phone. Unfortunately, this option is not available to everyone, and in the case of the NextWeb story, it took weeks of correspondence with both tech support and the Apple legal department.

While Apple shouldn’t be held responsible for every stolen phone, there should be a clear way to protect privacy in the event of theft. Until that happens, it might be a good idea to avoid iMessaging with your clients.

  • Marcy Harrison

    I am interested in how the customer with the stolen iPhone was able to get Apple to do the “push code” step to fix the iMessaging issue. My daughter is going through the same thing, and every Apple service tech I have spoken to says they have never heard of that. All they can recommend to fix my daughter’s problem is that she get a new phone number. Thanks for any tips you can pass on!

    Marcy Harrison

  • Hi Marcy- I think that’s the main problem. The only way to get Apple to do the “push code” workaround is by persistently nagging them until they do it. In other words, it’s not something they offer freely. I’ll try to keep up on this information as it becomes available, though, and do an update.