Apple and T-Mobile face class action lawsuit over an iPhone security flaw that allowed strangers to access private iMessages and FaceTime calls
- The class action suit against Apple and T-Mobile was filed Monday in New York
- It claims that the companies jeopardized consumer privacy by failing to disclose a security flaw that allowed strangers to access iMessages and FaceTime calls
- The flaw allowed an Apple ID to remain linked to a T-Mobile SIM card even after the iPhone owner had stopped using the SIM and changed phone numbers
- As a result the previous owner could receive communications intended for a new owner who was assigned the phone number after it was recycled by T-Mobile
- The suit accuses Apple of misleading customers by touting its privacy features despite the flaw remaining in effect for at least seven years
- It claims T-Mobile exacerbated the issue with its practice of recycling numbers
Apple and T-Mobile are being sued over a long-running security flaw that allowed strangers to access private iMessages and FaceTime calls.
A class action lawsuit filed on Monday in the US District Court for the Southern District of New York by plaintiffs Tigran Ohanian and Regge Lopez accused the defendant companies of jeopardizing consumer privacy by failing to report the flaw.
The case centers around an issue first discovered in 2011 which prompted an Apple ID – the account required to use Apple products – to remain linked to a T-Mobile SIM card even after the iPhone owner had stopped using the SIM and changed phone numbers.
As a result of the ‘legacy connection’, the previous owner could receive iMessages and FaceTime calls intended for a new owner who was assigned the phone number after it was recycled by T-Mobile.
Apple and T-Mobile are facing a class action lawsuit over a long-running security flaw that allowed strangers to access private iMessages and FaceTime calls (file photo)
The suit says that neither Apple nor T-Mobile sought to prevent the issue by requiring customers to manually disassociate their Apple ID from their old phone number before switching SIM cards.
‘Apple knowingly allowed multiple unrelated Apple IDs of consumers that had purchased iPhones to coexist and to be associated with the same phone number,’ the complaint states, ‘while T-Mobile compounded the problem by engaging in deceptive SIM card practices.’
It alleges that both Apple and T-Mobile caused customers to become ‘unsuspecting victims of extensive security data breaches’.
While the flaw first came to light back in 2011, the suit contends that it ‘still may be affecting customers’.
The flaw allowed a Apple ID to remain linked to a T-Mobile SIM card (above in a file photo) even after the iPhone owner had stopped using the SIM and changed phone numbers
Ohanian and Lopez filed the class action suit individually and ‘on behalf of all other persons similarly situated’.
The complaint describes how Ohanian began receiving ‘extensive amounts’ of unwanted communications addressed to Lopez after Ohanian gave up the number and it was recycled to Lopez.
It also references news articles from 2011 and 2012 about how other people were affected by the flaw.
It’s unclear how widespread the issue was before Apple addressed it in 2018 by requiring multi-factor authentication under its iOS 12 operating system update.
Apple Insider, which was first to report the lawsuit, noted that both iPhone users would need to link the same number with their respective Apple ID accounts to trigger the flaw.
The suit is seeking unspecified statutory and punitive damages for the named plaintiffs and others affected.
Apple and T-Mobile did not immediately return requests for comment from DailyMail.com or other news outlets.
Read the full lawsuit below: