Jacqui Cheng writing for Ars Technica:
Those who have had a phone lost or stolen are familiar with the horrors that follow: the thief (or the person he sold your phone to) starts to send texts as you to your family and friends, leaving you scrambling to de-activate the device as soon as possible. For modern iPhone owners, though, such a phenomenon should be in the distant past thanks to the advent of remote wipe capabilities, right?
Perhaps not. Some unlucky iPhone owners are beginning to discover that, despite their best efforts to remove all information from their stolen phones, thieves and unsuspecting buyers are still able to send and receive iMessages as the original ownerâ€”even after the device is registered under a new account. Almost nothing seems to workâ€”remote wiping, changing Apple ID passwords, or even moving the old phone number to a new phoneâ€”and users are becoming more than frustrated that thieves are so easily able to pose as them.
This sounds disconcerting. I can only assume what’s happening here, but it sounds to me the UDID of the device is being cached on Apples servers and not being wiped when you (remote) wipe your stolen/old device. Regardless if sold or stolen, wiping your phone should also wipe any iMessage associations with the device. iMessage-Gate, anyone?
The solution â€“ cancelling your Apple ID â€“ isn’t one. Like Ars Technica, I’ve reached out to Apple for a comment about this issue.
Update: The usual Apple answer arrived: No comment.
Update 2: Here’s a possible solution.