Apple bug let us spy on stranger's iPhone


On Wednesday, the popular gadget blog Gizmodo proclaimed that the site's writers were able to "spy on a total stranger's iPhone" thanks to an iMessage-related bug. "Apple, you might want to fix this," suggests the post, which goes on to describe in embarrassing detail what the writers learned about the stranger, an Apple Store employee.

The technical quirk, according to Gizmodo's Sam Biddle, occurred when a mother took her son's iPhone into an Apple Store for some sort of repair. The device was returned in perfect working condition — except that it had now "become a portal into another man's private life."


No matter how often the iPhone was reset to its factory state or its owner's information re-entered, the device kept receiving every incoming and outgoing message intended for another individual — dubbed "Wiz" because of how he was addressed in messages.

Despite our great respect for the publication, we did not ask Gizmodo for the right to republish any of the images found in the post. While we take the bug seriously, and agree with Gizmodo that it should be exposed so that Apple feels pressure to fix it fast, we don't support the blog's decision to release the images, however censored, as they only add to the potential embarrassment of a young man who appears to be the victim of a technical quirk. 


Biddle suggests that it is possible that Wiz's iMessages are being synced to another device because he may have been the one to repair that particular device, and during that process placed his personal SIM card into it. This is simply a theory, but iOS security expert Jonathan Zdziarski previously shared some thoughts on a similar issue with Ars Technica:

I can only speculate, but I can see this being plausible. iMessage registers with the subscriber's phone number from the SIM, so let's say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple's servers with the UDID of the phone.

In other words, if Wiz placed his own personal iPhone's SIM card into the device he was repairing, it could be possible that his iMessage account was registered on that iPhone as well.

The speculation can't be confirmed without an Apple software engineer. Hopefully Apple will investigate and discover for sure how one man's iMessages wound up on a stranger's device. We did reach out to Apple for comment, and will post an update if we receive a reply — or notice of an upcoming iOS software patch.


Original story by Rosa Golijan posted at