Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation -- and even see through your iPhone’s front-facing camera -- before you answer an incoming call.
Word spread quickly of the problem after a tweet went viral, with a demonstration of the privacy goof.
— Benji Mobb™ (@BmManski) January 28, 2019
And it’s not complicated to do.
As 9 to 5 Mac reports, the technique is alarmingly easy:
- Start a FaceTime Video call with an iPhone contact.
- Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
- Add your own phone number in the Add Person screen.
- You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
9 to 5 Mac later confirmed that the flaw could also be used to expose video footage from the targeted phone’s front-facing camera.
Inevitably, some are likely to use the technique to prank their friends (it’s hard to tell whether the following NSFW video is a joke or not… but obviously it’s not cool or funny to prank your friends in this fashion).
Right now, it’s hard to tell just how serious this crappy bug is. It doesn’t feel like a way for -- say -- a state-sponsored attacker to open a persistent hot mic on a targeted phone in another nation’s government.
But I would still be deeply disturbed if someone was able to spy on me, even for a short while, without me noticing. It’s easy to see how it might also be used by jealous partners and obsessive stalkers to spy on the vulnerable.
And it’s clearly deeply embarrassing to Apple (which is attempting to pitch itself as one of the more privacy-conscious companies).
— Graham Cluley (@gcluley) January 29, 2019
The FaceTime privacy problem needs to be fixed, and pronto. If you’re concerned, consider disabling FaceTime entirely until a fix is forthcoming.
Interestingly, Apple appears to already be attempting to mitigate the problem. A visit to the company’s system status webpage reveals that Group FaceTime is currently unavailable.
Given the level of attention this bug is going to get from the media, my guess is that Apple will issue a fix to iOS 12 pretty darn quick.
Unfortunately, it shouldn’t have needed media attention to get this problem on Apple’s radar. From the looks of things, the problem was brought to Apple’s attention by the parent of a 14-year-old boy who discovered it over 10 days ago. There was no response from Apple.
My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews
— MGT7 (@MGT7500) January 21, 2019
I have letters, emails, tweets and msgs. sent to Apple for 10+ days reporting the Group FaceTime bug that lets someone listen in. My teenager discovered it! Never heard back from them. #apple #facetimebug @FoxNews @cnbc @CNN
— MGT7 (@MGT7500) January 29, 2019
FYI- I called, FB messaged, faxed, emailed and tweeted Apple exhaustively last week to no avail. Submitted official bug report also. Tried to keep it private b/c of the security concerns. Never heard from them.
— MGT7 (@MGT7500) January 29, 2019
Expect a patch from Apple in the coming days. If not earlier.
For more discussion on this issue, be sure to check out this episode of the “Smashing Security” podcast: