A week ago, Ars Technica reported on a flaw within Apple’s iMessaging system. iMessage, you’ll recall, is Apple’s iOS 5 alternative to sending traditional SMS and MMS messages. The problem Ars reported in short: A lost or stolen iPhone could continue to receive iMessages directed towards your cell phone number—even if you remotely wiped the iPhone’s data, moved your number to a new phone, or changed your Apple ID’s password.

This misdirected iMessage issue seems like a bug on Apple’s end. But until Cupertino releases a fix, iLounge’s Jesse Hollington posted about a way to protect yourself: Set a PIN on your iPhone’s SIM card.

Why a SIM PIN works, and why it’s risky

Such a PIN SIM is separate from an iPhone passcode that you may have set. It specifically locks your SIM, and you’ll be prompted to reenter the PIN whenever you restart your iPhone. If you lock your SIM with a PIN and your phone ends up in the wrong hands, you’re more protected: After a remote wipe, the phone will restart and prompt the new owner to enter the SIM before the phone will accept new iMessages (or FaceTime calls) at your old number.

Besides the potential added annoyance of needing to enter your PIN code whenever you restart your iPhone, there’s one other potential downside to locking your SIM: It’s the tiniest bit risky. There are a couple reasons for that: The iPhone’s interface for setting a new SIM PIN is rather awful, as we’ll explain in a minute. And you usually need to know your carrier’s default PIN before you can set a new one. Worst of all, if you make a mistake one too many times while changing the PIN or unlocking your SIM, you can end up locking yourself out—and at that point, only intervention from your carrier can help you.

How to set your SIM PIN

Here’s how to change your SIM’s PIN to avoid the potential iMessage problem, without incurring the SIM PIN pain we just alluded to.

First, on your iPhone, launch the Settings app, scroll down, and tap on Phone. On the Phone screen, scroll down and tap on SIM PIN. Slide the SIM PIN slider to On.

At this point, the iPhone will prompt you for a PIN. But here’s the rub: It’s not asking for your new PIN; rather, you’re being prompted to provide your current pin. If you haven’t set one yet, you need to know your carrier’s default PIN. If you’re on AT&T or Bell Canada, it’s 1111. If you use Sprint, it’s 0000. For Rogers Wireless, it’s 1234.

The Verizon iPhone 4 doesn’t have a SIM card at all, so this workaround can’t help with that phone. The Verizon iPhone 4S does contain a SIM card, but reports from around the Web suggest that changing its PIN wouldn’t help at best (because in normal use, the SIM card doesn’t send data to the network the same way that it does on the other carriers), and can cause problems in some cases. For now, if you use a Verizon iPhone—either the iPhone 4 or 4S—we don’t recommend setting a PIN; you’ll need to wait for another solution to prevent your phone from potentially falling victim to the iMessage issue.

If you mistakenly enter your SIM card’s default PIN, or mis-enter your own PIN when unlocking the device after a reboot too many times, your SIM card may get locked. If that happens, you need to obtain a PUK (PIN Unlock Key) to unlock it. AT&T provides a page explaining how to do just that; you’ll need to contact your other carrier for information should you get to this step. Most carriers give you at least three tries to enter your PIN code correctly before requiring that you enter a PUK.

Note, however, that if you misenter a PUK code too many times—ten’s the limit with AT&T—your SIM card can be become permanently locked. The only solution at that point is to obtain a new SIM from your carrier.

Looking forward

So, unless you’re a Verizon iPhone customer, the SIM PIN is a reasonable way to ensure that your lost or stolen iPhone won’t fall victim to this iMessage issue; so long as you wipe the device remotely, it will reboot and require your PIN before allowing the phone’s new owner to receive your iMessages in error.

But clearly, this is far from an ideal solution. Beyond leaving Verizon customers in the lurch, SIM PINs are not without risk, and entering the code whenever your iPhone reboots is an added annoyance—especially if you already use a passcode.

We’ve also heard reports of a similar iMessage problem: If your old iPhone is lost or destroyed and you activate a new, different phone—say, an Android model—messages from other iPhone owners may still be routed over iMessage, meaning you wouldn’t see them at all. That issue reportedly resolves itself after a couple weeks, but it’s obviously still problematic.

Simply turning off iMessage on your iPhone won’t prevent these issues the way the SIM PIN does; if a thief gets your phone and turns iMessage back on again and your SIM is unlocked, messages from other iPhones directed to your number will be directed to your stolen phone.

Apple didn’t immediately reply to Macworld’s request for comment on the issue. Still, we would expect a forthcoming iOS update to address this issue.