back to article Stolen, remote-wiped iPhones still get owner's iMessages

Victims of iPhone theft have discovered that remotely wiping the nicked kit won't stop iMessage content being delivered to the thief, who can continue to respond under the owner's name. The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data …


This topic is closed for new posts.
  1. theloon

    Major #FAIL

    fix now....nuff said

  2. Wize

    Shouldn't a stolen phone... remotely made into a brick? Or turned into a tracker to recover the device?

    If people get stung handling stolen goods, isn't it their own fault?

    1. Tom 13

      Re: ",,,own fault?"

      Probably, but not necessarily. If the perp KNOWS he got stolen stuff because he bought it from a fence or a super-great deal, yes. But I can imagine a retailer receiving stolen kit and selling it as new to boost his profit margins. In that case, no. But if that's the case I would also expect him to immediately go to the police with his sales receipt, turn over the kit, and request an investigation of the retailer.

  3. Big-nosed Pengie


    What does that mean? He leered at people?

    1. Jan 0 Silver badge


      Are you wary of sticking yer nose in?

      Ain't you suspicious?

  4. Anonymous Coward

    iMessage experiences when roaming

    Me and the missus both use an iPhone, after recent experiences we both turned iMessage off. I was abroad, she was texting me but I never received anything since I forgot to tun on roaming data on my iPhone. And unlike "basic" texting, she never got an "unable to deliver" message, and I never got the texts she sent once roaming data was enabled. So we're happy to pay for our messages, since we're sure they'll (eventually) get where they are supposed to be.

    After reading these reports I can only conclude that iMessage should be turned off by default. Nice to have, but pretty useless if you want to have a reasonable chance that your message gets there.

    1. Anonymous Coward
      Anonymous Coward

      Fail to understand that

      I send messages to UK from abroad (where I live) almost daily, to iphone users from my iphone. Sometimes one of them and sometimes not is using data roaming, rather unpredictably and sometimes I am and sometimes not. In my limited experience, we have not lost any messages yet.

    2. Henry Blackman

      @Mosquito iMessage is indeed turned off by default. This is a bit daft, but no doubt will be addressed in a future update. Hardly anything to worry about.

      If an iMessage cannot be delivered it usually is then sent by SMS or the sender is given a choice.

  5. b166er

    I thought stolen phones had their IMEI's blacklisted?

    So what would be the point of buying a stolen iPhone? To use as an iPod?

    I which case, surely the buyer rumbled something was up.

  6. Stupidscript


    Not much of a "wiping", now, is it? If the phone still functions AT ALL after being "wiped", then it wasn't "wiped". When I "wipe" a hard drive, I overwrite every disk cluster with 0s about 7 times. Now THAT's a "wipe". Anything less and data is recoverable ... ergo, the device has not been "wiped".

    But maybe that's too simple for Apple to understand? Maybe they're still working to improve on the concept, and then patenting it, before integrating their innovative new "wiping" idea into iOS8?

    1. P. Lee


      We deleted the first letter of the file in the directory listing!

    2. tirk

      Remote wiping of a smartphone means removing all personal data from it, or restoring to factory status. I guess the problem here is that iMessages are delivered (like BBM) using Apple's infrastructure, which is still using something persistent like the IEMI to address the phone.

      1. Daniel B.

        Not quite the same, though.

        RIM actually blocks a stolen BlackBerry's PIN so it can't be used by thieves. Using your new Blackberry and restoring your last backup file from your nicked BB will result in all your contactlist receiving and updating their contactlist to have your new PIN.... and this is done automagically. Same thing when you switch Blackberries.

        The fact that the iPhone isn't doing this shows that security isn't really Apple's concern. EPIC FAIL on Apple's part!

    3. Snot Nice

      Oh dear, do you really think filling your disk with zeros seven times constitutes a wipe?

      Epic fail sir, all you data is mine.

    4. Usually Right or Wrong

      Read the EULA

      for any i message, droid message, win message, raspberry message software and service, it is basically what is mine is mine, what is yours is mine and what is everyone else's is mine and if I leak it it is your fault and if I choose to give it away you have just agreed to that.

      So what issue would a provider have with not wiping or allowing messages to continue being delivered? No skin off their nose and its your fault for not wiping your missing phone properly.

  7. Anonymous Coward
    Anonymous Coward

    Sat there looking at me, hissing gently

    David *Hovis*? Some relation to Frank Hovis I hope...

    1. Neill Mitchell


      Now that is an old school reference if ever I saw one. Like a cobra ready to strike.

  8. TeeCee Gold badge

    "The flaw was spotted by one David Hovis....."

    I only managed to read that far, after that everything was drowned out by Dvořák's Symphony No. 9.........

  9. Anonymous Coward
    Anonymous Coward

    More useful

    It would be handy to take a photo of the person using the phone using the forward facing camera and send it back to a 'secure' location. Assuming this can be done without breaching a crims human rights...

    1. JimmyPage Silver badge

      Epic fail

      in 99% of the time, you'll snap the innocent patsy who *bought* the stolen phone.

      1. Anonymous Coward
        Anonymous Coward

        Unboxed, without accessories and out the back of some dodgy motor should count as 'in bad faith' as far as stolen goods are concerned.

  10. druck Silver badge

    Feature now flaw

    I would have thought being able to bombard the recipient of a stolen phone with guilt inducing messages, a feature rather than a flaw.

    1. Bradley

      I know of at least one case where this has worked with a stolen blackberry, identifying the buyer and the thief in the process.

  11. Anonymous Coward
    Anonymous Coward

    /me has ideas for (on a rooted phone at least) nuking the flash containing the firmware so a wiped phone can only be restored with a JTAG probe at the factory. Bonus points for overwriting sectors so many times they wear out.

  12. Anonymous Coward
    Anonymous Coward


    Please do elaborate how you think you could get data from a modern disk that had been overwritten once, let alone seven times?

  13. Gordon 10

    I came across an interesting iMessage bug

    Turns out that iMessage uses the stored number in the My Number section in the Phone settings - which is not necessarily the same number the Network is using.

    This number is picked up when a new sim is inserted. However if as I did you insert the Sim before the number porting is finished it uses the original sim number and not your ported one.

  14. Pascal Monett Silver badge

    Wait a minute

    The phone was reported a stolen and deactivated, yet it could still connect to the network and send/receive messages ?

    What's the use of deactivating the bloody thing then ?

    I thought that, when you report your phone as stolen, the phone network operators would refuse connections from that phone. That should mean that, even if the phone is not wiped, it is nothing more than a shiny brick with a screen.

    If that is not the case, then what deterrent is there to make the thief's activity useless ?

    1. Anonymous Coward
      Anonymous Coward

      Can't be that simple

      If that were true then there would be NO market in stolen phones would there?

      I think the numerous dodgy independent shops that offer to change IMEI, jailbreak, and generally hack open, mobiles may play some part here...

  15. Fred Flintstone Gold badge

    As iMessage is quite a privacy risk I don't use it..

    Like WhatsApp, iMessage in principle gives the US free access to the SMS traffic that otherwise remains in a country as it all has to happen over servers in the US.

    However, I *have* experimented with it, so it probably would be A Good Thing(tm) if Apple could tidy this up. While they are at it, they could also drop the requirement to enable location data disclosure to Apple before you're entitled to use the remote wipe process of iCloud - there is no need for it.

    AFAIK, coercion to obtain non.essential private data is actually illegal under EU privacy laws

    1. Daniel B.


      I consider it a security risk as well, because WhatsApp requires you to exchange mobile numbers. I don't like to dole away my mobile number to the world+dog; MSN and BBM PINs sure, I can block annoying people if I need to and they would still be ignorant of my actual phone number.

      Oh, and by the way WhatsApp is buggy on non-US numbers. It suffers from artificial stupidity, it tacks on a leading 1 on our phones! so instead of, say


      WhatsApp stores the ID as



  16. micheal

    Been said before

    The provider only blocks the imei in the country of purchase, not worldwide...hence the majority of stolen phones end up in countries of the 419 region.

    Also, if you bought it from Apple, why would the provider bother blocking the imei? no loss to them, maybe even a new customer to boot!

This topic is closed for new posts.

Other stories you might like