A newly discovered FaceTime bug could pose an eavesdropping problem, and Apple says it will have a fix out later this week.
The bug allows iPhone users to call another device via the FaceTime video chat service and hear audio on the other end before the recipient has answered the call. That is, it can turn any iPhone into a hot mic without the user’s knowledge.
That represents a major security concern for Apple at a time of heightened sensitivity to cybersecurity threats. As it turns out, the news broke on Data Privacy Day.
The bug was reported by 9to5Macand confirmed independently by CNET. 9to5Mac also confirmed that it was able to replicate the bug when making a FaceTime call to a Mac.
We were able to re-create the bug in the CNET offices during a regular FaceTime call. Here’s how it happens: After starting a FaceTime session with an iPhone user, swipe up from the bottom of the screen to add another user to the call and add your own phone number. While the phone is still ringing, you’ll be able to hear audio from the recipient’s phone, even though that person hasn’t accepted the call.
The Verge noted that if the recipient rejects the call by pressing the power button, video will also be broadcast from that person’s phone. CNET re-created this, getting a second or two of video from the recipient’s phone before the call was disconnected.
In a statement to CNET on Monday, an Apple spokesperson said, “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
Later Monday, Apple’s System Status page had been updated to show Group FaceTime as “temporarily unavailable.” We weren’t able to re-create the bug after this, which suggests the problem has been addressed until the software update can be released.
Apple rolled out Group FaceTime to users in late October with its iOS 12.1 release. The feature lets up to 32 people participate in a video chat at the same time.
News of the vulnerability lit up Twitter. Technology writer Andy Baio, for one, tweeted to warn iPhone users.
“I don’t know about you, but I’m disabling FaceTime on my Mac and iPhone until this is resolved,” he wrote.
Engineering veteran Erica Baker also expressed alarm about the problem.
“This bug is in MacOS as well, so pretty much every Mac laptop in every environment is a hot mic right now,” she tweeted.
As 9to5Mac reporter Bejamin Mayo also noted, FaceTime calls to a Mac have the potential to ring (and therefore share audio) for much longer.
In a statement to CNET on Monday, an Apple spokesperson said, “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
Later Monday, Apple’s System Status page had been updated to show Group FaceTime as “temporarily unavailable.” We weren’t able to re-create the bug after this, which suggests the problem has been addressed until the software update can be released.
Apple rolled out Group FaceTime to users in late October with its iOS 12.1 release. The feature lets up to 32 people participate in a video chat at the same time.
News of the vulnerability lit up Twitter. Technology writer Andy Baio, for one, tweeted to warn iPhone users.
“I don’t know about you, but I’m disabling FaceTime on my Mac and iPhone until this is resolved,” he wrote.
Engineering veteran Erica Baker also expressed alarm about the problem.
“This bug is in MacOS as well, so pretty much every Mac laptop in every environment is a hot mic right now,” she tweeted.
As 9to5Mac reporter Bejamin Mayo also noted, FaceTime calls to a Mac have the potential to ring (and therefore share audio) for much longer.
We’ll keep you informed of new updates.