Gizmodo has raised awareness a serious problem regarding an iMessage bug that, under the wrong circumstances, might result in your messages being seen by others, or you seeing someone else’s messages. It’s not a new issue; Ars Technica reported on it in December with stolen iPhones, and the problem is an ongoing one.
The behavior is most likely linked to Apple retaining the UDID of older phones in its database. The theory is that when a new UDID from a replacement device is linked to an Apple ID, the old identifier is not being removed. In the scenario Gizmodo discusses, the phone involved is owned by a minor who’s now seeing iMessages that an Apple retail employee is sending to friends and loved ones — all without the employee being aware. Gizmodo believes that when the minor’s iPhone was taken to the Apple Store for repair, the employee swapped his SIM card — not a standard practice — with the phone being repaired, which is enough to cause the issue.
As underscored by the previous reports, this is a serious problem. But Gizmodo, apparently not having learned its lesson from a couple years ago, decided to make its point about this security flaw by plastering the Apple retail employee’s iMessages on its site.
Gizmodo boasts that it’s found a plethora of information on the employee, dubbed “Wiz,” including his home address, Facebook, email, where he exercises and the Apple Store where he works. “We know enough about this guy to stalk him, blackmail him, and harass him, using nothing more than what we’ve picked up,” writer Sam Biddle brags. The site has posted screenshots of Wiz’s iMessages, which involve attempts at getting a date, discussing Apple’s first quarter financial results, photos alone and with friends, and more.
While Gizmodo has made its point, it does so in a way that outs an employee who was just doing his job by repairing the kid’s phone — and he probably had no idea that this was happening until his photos and iMessages began to be plastered all over the Internet today. While the employee’s name and face were blurred out, enough identifying details remain that it wouldn’t be hard to figure out who he is. If Gizmodo can find him, so can anyone smart enough to do a bit of digging on Google.
What Gizmodo has done is sensationalistic and in extremely poor taste, even drawing criticism from content partner MSNBC, which chastised the site for posting the iMessage images. The sensationalism only serves to draw attention away from the bigger issue of people’s information being compromised. Gizmodo could have gone about this in a different manner. Exposing the employee’s private life to this degree was not necessary to make the point that something is seriously wrong with iMessage.