Last week, Gizmodo wrote on how a regular Apple Genius inadvertently opened their life up for another iPhone user to spy on them. The story is nuanced: essentially, multiple iMessage accounts can be paired with a phone number.
In this instance, the employee used his personal SIM to test an iPhone that was brought to the Apple Store for repair. Unaware of the effect of what he did, he carried along throughout the day as usual, exchanging iMessages and photos with his friends. What he didn't know was the iPhone he'd repaired had his SIM card's phone number verified whilst it was inserted, so that phone also received the same messages and photos that he sent and received.
The process ran like this:
- The Genius' personal SIM was put in another iOS 5+ device
- The SIM was verified in iMessage on that device
- His SIM was put back in his own phone... and when he sent messages, they were then relayed to both devices
Everything was seen by a child that happened to be the owner of the other iPhone. In the UK this would give rise to a number of legal issues: cell phone tracking without permission or disclosure is illegal, and is rightly pursued by authorities in the US and UK.
It's an important feature to highlight, as it's not intuitive, and if it can affect an Apple Genius it's likely to affect other users. We don't approve of Gizmodo's sharing of personal information in the article, however.
Apple has spoken to The Loop regarding this issue, and spokesperson, Natalie Harrison, put it down to the employee's negligence:
This was an extremely rare situation that occurred when a retail employee did not follow the correct service procedure and used their personal SIM to help a customer who did not have a working SIM. This resulted in a temporary situation that has since been resolved by the employee.
Using personal SIM cards to help a customer is obviously against Apple's service procedures. Using a test SIM card or toggling the iMessage on and off could have prevented it from happening. Nonetheless, it is surprising how switching SIMs caused such an issue -- and it can still affect lost or stolen iPhones.
We look forward to seeing Apple release safeguards to prevent potential vulnerabilities such as this.