iPhone bug opens up stranger's life to the world
Gizmodo has raised awareness a serious problem regarding an iMessage bug that, under the wrong circumstances, might result in your messages being seen by others, or you seeing someone else's messages. It's not a new issue; Ars Technica reported on it in December with stolen iPhones, and the problem is an ongoing one.
The behavior is most likely linked to Apple retaining the UDID of older phones in its database. The theory is that when a new UDID from a replacement device is linked to an Apple ID, the old identifier is not being removed. In the scenario Gizmodo discusses, the phone involved is owned by a minor who's now seeing iMessages that an Apple retail employee is sending to friends and loved ones -- all without the employee being aware. Gizmodo believes that when the minor's iPhone was taken to the Apple Store for repair, the employee swapped his SIM card -- not a standard practice -- with the phone being repaired, which is enough to cause the issue.
As underscored by the previous reports, this is a serious problem. But Gizmodo, apparently not having learned its lesson from a couple years ago, decided to make its point about this security flaw by plastering the Apple retail employee's iMessages on its site.
Gizmodo boasts that it's found a plethora of information on the employee, dubbed "Wiz," including his home address, Facebook, email, where he exercises and the Apple Store where he works. "We know enough about this guy to stalk him, blackmail him, and harass him, using nothing more than what we've picked up," writer Sam Biddle brags. The site has posted screenshots of Wiz's iMessages, which involve attempts at getting a date, discussing Apple's first quarter financial results, photos alone and with friends, and more.
While Gizmodo has made its point, it does so in a way that outs an employee who was just doing his job by repairing the kid's phone -- and he probably had no idea that this was happening until his photos and iMessages began to be plastered all over the Internet today. While the employee's name and face were blurred out, enough identifying details remain that it wouldn't be hard to figure out who he is. If Gizmodo can find him, so can anyone smart enough to do a bit of digging on Google.
What Gizmodo has done is sensationalistic and in extremely poor taste, even drawing criticism from content partner MSNBC, which chastised the site for posting the iMessage images. The sensationalism only serves to draw attention away from the bigger issue of people's information being compromised. Gizmodo could have gone about this in a different manner. Exposing the employee's private life to this degree was not necessary to make the point that something is seriously wrong with iMessage.
Share
Gizmodo has raised awareness a serious problem regarding an iMessage bug that, under the wrong circumstances, might result in your...
Add a Comment
I use my SIM all the time to activate new iPhones (or those that have been updated via DFU) and the first time I encountered the issue was when activating my brother's brand new iPhone4S.
My daughter sent me an iMessage which was received on my brother's phone (which was still sitting on my desk without a SIM card in it) instead of on my iPhone.
I immediately checked the SIMless device's phone number (it still showed mine) and iMessage status. Turned iMessage and Facetime OFF on both my brother's and my iPhones and everything returned to normal -- took all of 90 seconds!
It's exactly this sort of behavior that caused me to stop reading Gizmodo after the iPhone 4 incident. It used to be on my regular reading ritual every day, now I never consider looking at them at all. If anything should be plastered on their site, it is this message for their advertisers to see that they are losing readership. Or better yet, if we all just ignore them altogether it's even better
February 02 2012 at 8:07 PM Report abuse Permalink rate up rate down Reply
Shannon Doherty
Gizmodo doing something sensationalistic and in extremely poor taste? What else is new?
February 02 2012 at 2:30 PM Report abuse Permalink rate up rate down ReplyWell I'm glad they did.. apple is sometimes deaf about their security holes.
Maybe this clamor is enough to make apple work on the problem
Shannon Doherty
How much more "deaf" are they vs other companies?
February 02 2012 at 2:30 PM Report abuse Permalink rate up rate down ReplyBut to play devils advocate, what IS going to get Apple to address this problem? It's been a known issue for some time yet they've chosen to more or less ignore the issue. Although I don't condone Gizmodo's actions, the end result will probably be that Apple will at least address the issue now.
February 01 2012 at 9:53 PM Report abuse Permalink -1 rate up rate down ReplyGlad I don't read Gizmodo, and I never will.
February 01 2012 at 7:24 PM Report abuse Permalink +5 rate up rate down ReplyI'm so glad someone did a write-up of Gizmodo's post. When I read it, I felt sick. They have no journalistic values over there. I mean really, posting those screen shots from the phone were not only distasteful, but immoral. But then again, do we really expect better from Gizmodo? These are the same people that went around with Apple remotes one year at MacWorld messing up peoples presentations, and the TV-B-Gone that was used for the same reason at CES. Then of course there's them buying the iPhone prototype which led to an Apple employee being fired. **** you Gizmodo.
I hope Engadget knows and values the importance of journalistic integrity.
So is there anyway to protect ourselves from this, ESP when passing on an old iPhone?
February 01 2012 at 6:29 PM Report abuse Permalink rate up rate down ReplyLogging out of iMessage (and FaceTime, I guess) on the old iPhone and verify that it doesn't recieve iMessages? I've changed Apple ID for iMessage on an iPod touch at least three times without running into this.
February 01 2012 at 6:41 PM Report abuse Permalink +2 rate up rate down Reply@Markus: I think this only applies if you are sending iMessages to an iPhone's phone number and not an Apple ID email address.
February 01 2012 at 7:19 PM Report abuse Permalink rate up rate downRight now, the only "maybe" solution is to unregister your iPhone from your support profile. The theory is doing so will tell Apple's server to dissociate your hardward from your account, meaning iMessages will no longer be sent to that hardware. I'm not sure how effective this is since I took a look for myself and noticed my iPhone was *not* on that list. Oh well.
Oh, fyi - this tip also comes from a Gawker site. Fortunately, it's the one site Gawker has that actually has credibility.
http://lifehacker.com/5873353/fix-the-imessage-bug-so-you-can-still-get-messages-if-you-switch-to-android-from-iphone
@Markus, had thought i'd do that myself.
@Yuusharo, nice tip re the support profile, will definitely do that. I always have to remember to unregister my Mac from the iTunes store when i upgrade. Looks like similar procedures will be needed to pass on an iPhone.
Mr. E
Lawsuit should be coming up soon.
February 01 2012 at 6:14 PM Report abuse Permalink rate up rate down ReplyGizmodo did something in poor taste?!?! What a surprise...
February 01 2012 at 5:39 PM Report abuse Permalink +6 rate up rate down ReplyDeals of the Day
more deals- Acoustic Research Digital Photo Frame with iPod Dock for $50 + free shipping
- Apple iPhone 4 8GB for Verizon, AT&T, or Sprint for $50 + pickup at Best Buy
- Unlocked iPhone 4S 16GB for GSM (AT&T, T-Mobile) for $619 + free shipping
- Apple iMac Core i7 Quad 3.4GHz 27" w/ 24GB RAM, 2TB HDD for $2,677 + $29 s&h
- Used Apple Magic Mouse for $36 + $4 s&h
- Skullcandy Riot Earbud Headphones for $10 + free shipping
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
15 Comments