A serious flaw in the iMessage app for Apple's iOS 5 allows strangers to receive personal — and in some cases extremely private — messages not meant for them.

 

The tech blog Gizmodo got hold of a teenager's iPhone that, after servicing at an Apple store, became "a portal into another man's private life." The phone began receiving every incoming and outgoing message meant for an Apple store technician.

 

The technician's messages, some of them including risqué images, popped up on the teenager's screen. The technician had no knowledge that his messages were not being sent to their designated recipients. 

 

Using information in the messages, Gizmodo was able to determine the technician's home address, Facebook profile and email address, as well as the Apple store where he works.

 

Apple did not immediately respond to requests for comment.

 

iMessage is an Internet-based instant-messaging application that Apple introduced with iOS 5 in October 2011. It functions as an alternative to cellular-network-based text-messaging, and also works on iPads and iPod Touches without cellular access.

 

Gizmodo theorized that the technician's private messages showed up on the teenager's phone because the technician might have tested his own iPhone's SIM card on the handset while repairing the teen's iPhone.

 

Late last year, Ars Technica reported that several stolen iPhones, even after having been remotely wiped and deactivated, still sent and received iMessages that were being picked up by the original owners on their new iPhones.

 

The problem appeared to affect both AT&T and Verizon Wireless models, and in at least one case, iMessages from the new owner of a stolen iPhone managed to get through even after the phone's rightful owner changed her telephone number and Apple ID password.

 

There have been no reports of similar problems occurring with iPads or iPod Touches running iOS 5.

 

Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved.