All your iMessage belong to you —

iOS 6 fixes bug that sent iMessages to stolen iPhones

Rest assured: thieves won't get your texts—as long as you updated.

Apple has apparently quietly fixed a problematic bug in the iMessage protocol that resulted in the continued sending of iMessage data to iPhones that had been sold or stolen, even after they had been remotely wiped. According to The Next Web's sources, Apple rolled the fix out in iOS 6, so updated devices should no longer mistakenly receive what could be potentially intimate, private messages from friends or family.

We reported on the problem last December after Ars reader David Hovis discovered iMessages were being sent to his wife's stolen iPhone 4S. Despite remotely wiping the device and changing her Apple ID password, messages sent to Mrs. Hovis were also still going to the unsuspecting buyer of the purloined iPhone, even though that person had activated the device with a new number.

iOS security expert Jonathan Zdziarski speculated that once iOS devices were registered with Apple's iMessages servers, the UDID of the device may be cached along with the phone number or e-mail address associated with the device. The UDID would not change, even if the device was wiped and registered with a new phone number, so iMessages would still be pushed to that device.

Apple has implemented a number of additional checks on iMessage use in iOS 6. For instance, when you register a device with the iMessage system, you'll get an e-mail notifying you of the change. You'll also get push notifications to your other iOS devices.

Critically, according to The Next Web, iOS 6 requires users to reenter their Apple ID password whenever it is changed to continue to receive iMessages. So if your iPhone or other iOS device is stolen, you can change your Apple ID password and enter it on your replacement device (or re-enter it on other iOS devices) to keep iMessages coming your way. The stolen device will effectively be "de-registered" and won't be able to receive iMessages intended for you.

It's worth noting that devices that have not been updated to iOS 6 could still potentially be affected by the problem, assuming whoever ends up with the device also doesn't update iOS.

Channel Ars Technica