Over the weekend I wrote a news story for DaniWeb which revealed how the iPhone was vulnerable to SMS text message spoofing. This went under the title "Why Apple was right about iMessage 'fix' for iPhone SMS spoofing" because, simply put, SMS text messaging is exposed to this kind of User Data Header (UDH) manipulation (and not just on the iPhone) whereas Apple's own iMessage isn't. However, as you may have guessed from the title of this follow-up news story that you are reading right now, I may have been a little premature in backing Apple, as it seems iMessage is not without its own privacy issues.
Apple has a point when addressing the specific issue of UDH manipulation, or text message spoofing if you prefer, when it comes to SMS. There are, though, a couple of "howevers" that need attaching by way of qualification here:
However number one is the fact that Apple could, if it so desired, implement SMS on the iPhone in such a way that the UDH manipulation itself would be very apparent to the recipient of the text message. Indeed, plenty of other mobile phones seem quite capable of doing so.
It's however number two, though, which is where the focus of this follow-up rests: Apple managed to quite nicely skip over something of a controversy that has been brewing around the use of iMessage on the iPhone for many months now in the shape of private conversations being viewable if your iPhone gets sold or stolen. That's an iPhone without your SIM in it, or a SIM that has been deactivated by your network provider.
If someone else were to put their SIM into your iPhone, maybe a family member testing something for example, and you both have iMessage enabled, then something odd happens. The phone without the SIM will still have the phone number connected to iMessage in that hardware, and after a minute or two of verification the phone with the SIM in will as well. Things get weirder, though: swap the SIM back out and put it back into the original handset, and both iPhones will receive any iMessages sent to that number, despite one phone not having a SIM in at all and having a different Apple ID from the original. Reply to an iMessage and it appears as a sent message on both handsets. Of course, because of the way that iMessage works, this means that anyone with an iPhone and iMessage enabled who sends a text message to that number will have it automatically diverted from the SMS system (which Apple has said isn't as secure as iMessage) and rerouted across the Internet via iMessage instead.
OK, I admit that this is something of an unusual situation in that you have to get the SIM out of one phone and into another for a few minutes, but it's hardly outside the bounds of reason for a determined spy now, is it? Once done, that spy can intercept and join in with all the iMessage conversations of the target. Turning off iMessage on the original (target) iPhone just means that phone would no longer see them, while the spy phone continues to do so.
If an iPhone were to be lost or stolen, and assuming the SIM is in situ, then even a remote wipe would not prevent the iMessage service from being activated (or rather reactivated) on the stolen handset and your messages being viewable. Until the thief inserted a different SIM, that is.
The most likely privacy invading scenario I can see here is that of the classic jealous spouse, looking for proof of cheating in a relationship. It would be relatively easy to make the swap unnoticed and then have unhindered access to iMessages on an otherwise unused iPhone handset.
If your iPhone is stolen, then this whole thing is a very unlikely event if you ask me. Why would a thief waste a valuable iPhone just to pry into the affairs of someone they likely do not know and get to read his or her boring conversations with friends? If your iPhone is stolen, then a remote wipe coupled with a call to your network provider to deactivate the SIM within 24 hours of that remote wipe should do the trick. Activating your new iPhone with the replacement SIM carrying the same number would mean that all diverted SMS texts would continue to appear in your iMessage feed on your new device. I say 'should do the trick' as there are plenty of reports online suggesting it's not always the case. Some say that changing Apple ID accounts, deactivating SIMs, remote wiping etc. make no difference. You just need to search through the Apple support forum or any of the Mac support forums for plenty of examples. I would prefer it if Apple made it so that the act of swapping a SIM between devices meant that the account was automatically disabled until or unless your user password was entered, the same way that it is implemented under Android, for example.
To prevent this being a problem when you sell an iPhone, it seems from the postings I have seen online that taking the SIM out, turning off the iMessage service, and then restoring the iPhone and turning iMessage back on without a SIM inserted should work. Obviously, if your iPhone has been stolen this is not possible...
Has anyone here experienced this problem, and if so how did you fix it? Were Apple helpful or dismissive? Do you think Apple needs to address this as a matter of urgency or is it just a lot of fuss about relatively nothing? As a developer, how would you solve the problem? Join in the DaniWeb conversation and let us know.