Having an iPhone stolen is never fun. But it could happen to all of us no matter how hard we try to avoid it. Most iPhone owners choose to remotely wipe their devices to prevent their sensitive data from ending up with a stranger. Besides, it is quite creepy for those who know you to receive text messages from an iPhone thief. As Ars Technica† has reported, some iPhone owners are discovering that their stolen iPhones are still capable of sending iMessages as their original owner.
Apple will surely have to address this at some point. A flaw in iMessage system lets thieves or people who buy stolen iPhones to send messages as the original owners. Nothing seems to stop this. That includes remote wiping, changing Apple account password or getting a new number. iOS security expert Jonathan Zdziarski told Ars Technica that caching may be the issue:
I can only speculate, but I can see this being plausible … iMessage registers with the subscriber’s phone number from the SIM, so let’s say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple’s servers with the UDID of the phone.
It seems getting a new Apple ID (and discarding the previous one) is the only way to get around this faw at this point. But that is not an ideal solution at all. Turning iMessage off would certainly addresss this. But when you lose your phone, you do not have the ability to turn iMessage off.
Losing an iPhone is never fun. You can always try to get your phone back. But you should not have to be subjected to the thief or the person who he/she sells your phone to sending text messages to those you know. Apple claims this is not a security issue. The company will most likely address this issue in the near future.