Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Graham Cluley

Facetime thumb

Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation – and even see through your iPhone’s front-facing camera – before you answer an incoming call.

Word spread quickly of the problem after a tweet went viral, with a demonstration of the privacy goof.

And it’s not complicated to do.

As 9 to 5 Mac reports, the technique is alarmingly easy:

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

9 to 5 Mac later confirmed that the flaw could also be used to expose video footage from the targeted phone’s front-facing camera.

Inevitably, some are likely to use the technique to prank their friends (it’s hard to tell whether this following NSFW video is a joke or not… but obviously it’s not cool or funny to prank your friends in this fashion)

Right now, it’s hard to tell just how serious this crappy bug is. It doesn’t feel like a way for – say – a state-sponsored attacker to open a persistent hot mic on a targeted phone in another nation’s government.

But I would still be deeply disturbed if someone was able to spy on me, even for a short while, without me noticing. It’s easy how it might also be used by jealous partners and obsessive stalkers to spy on the vulnerable.

And it’s clearly deeply embarrassing to Apple (which is attempting to pitch itself as one of the more privacy-conscious companies.)

The FaceTime privacy problem needs to be fixed, and pronto. If you’re concerned, consider disabling FaceTime entirely until a fix is forthcoming.

Interestingly, Apple appears to already be attempting to mitigate the problem. A visit to the company’s system status webpage reveals that Group Facetime is currently unavailable.

Facetime issue

Given the level of attention this bug is going to get from the media, my guess is that Apple will issue a fix to iOS 12 pretty darn quick.

Unfortunately it shouldn’t have needed media attention to get this problem on Apple’s radar. From the looks of things, the problem was brought to Apple’s attention by the parent of a 14-year-old boy who discovered it over 10 days ago. There was no response from Apple.

Expect a patch from Apple in the coming days. If not earlier.

For more discussion on this issue, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #113: 'FaceTime, Facebook, faceplant'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.