Terrifying tales have surfaced recently of unsuspecting iPhone users that have had their private conversations swiped by thieves or intercepted by accident, and through our own independent test we've confirmed the issue and at least one way it could arise — but, to be clear, that doesn't mean you should hit the panic button.
Stories about a potential iMessages bug swirled after users started to report on the issue in forums — one user in a MacRumors thread said that after having their iPhone stolen, their iMessages were still being intercepted by the thief despite a remote wipe. In December, Ars Technica reported that one of their readers had befallen a similar fate. And recently, Gizmodo intercepted a bunch of private communications from an Apple store employee after taking an iPhone 4 in for repairs.
Apple representative Natalie Harrison tells us that the problem in the Gizmodo case is not a bug with iMessage, but rather a rare situation in which a retail employee broke protocol and used their personal SIM to help a customer that didn't have a working SIM. But what about those who have their iPhones or SIMs stolen? The issue may not be a catastrophic "bug," but it's certainly a reproducible exploit. So here's what you need to know.
The SIM-swapping field test
With the iPhones of our own Ross Miller, Patrick Austin, and Chris Welch as test subjects, we've successfully reproduced the iMessage issue. This can be done with any SIM-equipped iPhone at any time, but the process is imperfect and time-consuming.
For this test, we used three carrier-locked iPhones — henceforth described simply as the Victim (the original iPhone), the Spy (the conversation-scraping iPhone), and the Bystander (a garrulous third party).
First, make sure iMessage is set up on all phones. From the Settings → iMessage window, you should see the phone number listed and grayed out. As an note, iMessage is a substitute for SMS; when iMessage is enabled, the iPhone sends iMessages instead of SMS, and vice-versa.
Now, take out the Victim's SIM card and put it in the Spy's iPhone. On the Victim's phone you'll get a "No SIM installed" pop-up and and the Settings → Phone menu will be inaccessible, but sure enough, the phone number will still be listed under iMessage.
The Spy's phone, however — now containing the Victim's SIM card — will attempt to verify said card. This will take several minutes, but the process can be expedited by turning the phone off and on. The same phone number will then be connected to both iPhones, despite having different Apple IDs. You can put the Victim's SIM card back in his or her phone or simply toss it away.
What happens next
From the Bystander's iPhone (with iMessage on — it doesn't happen otherwise), send a message to the Victim's phone number. Both the Victim and the Spy will get it, despite only one of them having a SIM card. If either iPhone responds, both will see it come up as a "sent" message. The SIM-less iPhone can intercept (and even join in) all of someone else's iMessage conversations without any signs of intrusion. It'll look as if your phone is possessed.
If the Victim turns off iMessage, it would only serve to cut them out of the loop. The Bystander's phone would still detect iMessage to be working (via the Spy's phone), and would send iMessages to the Spy's phone that the Victim won't be able to see.
How to disable
As the Victim
When we remote wiped the Victim's iPhone, iMessages was disabled, but only when the SIM was removed. If the SIM is still in the phone, as may be the case in a scenario where the phone is stolen, iMessages can still be reactivated, but only if that SIM is still valid. Therefore, if you're the Victim, your best bet is to perform a remote wipe and then immediately deactivate the old SIM card — after our own test, we've confirmed that this method will invalidate the old SIM, clear the phone, and prevent it from being reactivated with your phone number.
As the Spy
This whole issue stems from the phone number staying tied to the phone's iMessage service even after ejection. The iPhone itself clearly knows the SIM is missing, as exhibited by the disabled Phone settings. If, however, you have the SIM-less iPhone and you're tired of invading someone else's privacy, popping in another SIM card or even just turning iMessage off and on should sever ties completely.
Why this (probably) doesn't matter
We've recreated all this in a controlled environment, but that doesn't exactly mean it might come up in a real world setting — the biggest danger here is that someone might swipe your SIM card, slap it in a spare iPhone, put it back in your iPhone after verification, and then monitor all of your conversations without you ever knowing. And since this all takes place on the physical level, your messages can be swiped even if your phone is passcode locked. And what if your phone is stolen? In that case, you can always default to normal panic mode, which is the same on all platforms.
Of course, if someone ever does get their hands on your iPhone, there's a whole host of other nefarious things that they could do than swipe your SIM card — so the issue might not deserve some of the hysteria we've seen across the web, but it's also clearly a risk that Apple needs to address. Until then, it's just one more reason to think twice the next time you consider leaving your iPhone unattended at the bar.
Ross Miller contributed his words, time, and sense of privacy to this report. Special thanks to Patrick Austin, Chris Welch, David Pierce, and Michael Shane, as well.