Earlier this year a series of stories exposed an odd bug in Apple’s iOS software that allowed stolen iPhones to continue receiving iMessage messages, even if the SIM was deactivated and password changed. Now, we have learned that the bug has been rectified as of Apple’s release of iOS 6 in September.
According to a source with knowledge of Apple’s steps to correct the matter, the issue has been fixed in iOS 6 through a variety of checks placed on iMessage. The most important of these is that Apple now uses its push systems to force a user to re-enter a password to use iMessage once your Apple ID credentials have been changed.
This means that, if your phone is stolen, you can change your Apple ID password and all of your devices will require that password to be re-entered before anyone can use iMessage on it.
In addition, placing your SIM in a new phone with the same number associated or wiping your phone with Find My iPhone will now disable your stolen device from receiving iMessages. Both of those were common fixes that appeared not to work for many customers under iOS 5.
There were a couple of false start reports when the news broke about the vulnerability, like an account from Gizmodo, which ended up being a ‘perfect storm’ of circumstances rather than a flaw. Apple responded to that problem and it calmed down. But another story from Ars Technica, showed just how hard it was to stop a stolen iPhone or other device from receiving iMessages. That, in addition to postings on Apple’s support forums and other site forums like MacRumors’ indicated that there was an issue with the iMessage system.
This was backed up by a customer who received compensation from Apple after her iPhone experienced a similar issue.
While there was quite a flurry of reports about this issue earlier this year, it appeared to have calmed down significantly over the intervening months. The new information that we received seems to indicate that, though it was a real issue, it has now been resolved.