Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Feeling vulnerable? Maybe turn off FaceTime until Apple confirms it has fixed this bug.
               

Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation - and even see through your iPhone’s front-facing camera - before you answer an incoming call.

Word spread quickly of the problem after a tweet went viral, with a demonstration of the privacy goof.

And it’s not complicated to do.

As 9 to 5 Mac reports, the technique is alarmingly easy:

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

9 to 5 Mac later confirmed that the flaw could also be used to expose video footage from the targeted phone’s front-facing camera.

Inevitably, some are likely to use the technique to prank their friends (it’s hard to tell whether this following NSFW video is a joke or not… but obviously it’s not cool or funny to prank your friends in this fashion)

Right now, it’s hard to tell just how serious this crappy bug is. It doesn’t feel like a way for - say - a state-sponsored attacker to open a persistent hot mic on a targeted phone in another nation’s government.

But I would still be deeply disturbed if someone was able to spy on me, even for a short while, without me noticing. It’s easy how it might also be used by jealous partners and obsessive stalkers to spy on the vulnerable.

And it’s clearly deeply embarrassing to Apple (which is attempting to pitch itself as one of the more privacy-conscious companies.)

The FaceTime privacy problem needs to be fixed, and pronto. If you’re concerned, consider disabling FaceTime entirely until a fix is forthcoming.

Interestingly, Apple appears to already be attempting to mitigate the problem. A visit to the company’s system status webpage reveals that Group Facetime is currently unavailable.

Facetime issue

Given the level of attention this bug is going to get from the media, my guess is that Apple will issue a fix to iOS 12 pretty darn quick.

Unfortunately it shouldn’t have needed media attention to get this problem on Apple’s radar. From the looks of things, the problem was brought to Apple’s attention by the parent of a 14-year-old boy who discovered it over 10 days ago. There was no response from Apple.

Expect a patch from Apple in the coming days. If not earlier.

For more discussion on this issue, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #113: ‘FaceTime, Facebook, faceplant’

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.