This is an incredible flaw, it’s amazing yet incredibly scary at the same time. (Don’t worry Apple have since stopped this from happening & are working on a permanent fix)
What the issue was, was, a user could start a group Facetime with someone & add themselves into the call before the other person has picked up or accepted the call. Consequently the original caller can now hear EVERYTHING from the other end. It’s like they actually answered the call. Therefore effectively eavesdropping on the other person.
The problem was that a user could listen in to another iPhone users conversations! Even if they hadn’t answered the call! Scary stuff indeed! If users were running 12.1 of Apple’s iOS then this would be possible.
New York authorities are even looking into Apple, citing if Apple did enough to warn people of the issue.
Apple swiftly apologised:
“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us”
While an update to prevent this from happening again is due out next week. While there is no immediate fix for the flaw, Apple have since disabled Group Facetime on their serves. Therefore the feature is unusable for anyone, whilst the fix is being made. Once this flaw has been fixed, the feature will be available to all again.
14 Year Old Discovery
However, it has since been reported by the BBC that a young man and his mother tried to warn Apple of the flaw sometime ago but were ignored!
According to the Wall Street Journal, Ms Thompson, a lawyer, started contacting Apple on 20 January, but was unable to get a hold of anyone at Apple, days after contacting them about the huge security flaw. Apple, like many other tech companies, offer money for users who discover bugs in their products.
However, Kevin Beaumont who is a security researcher. Told the BBC that Apple are probably dealing with loads of bug reports all the time. Which may take significant amount of time to look through and prioritise.
“Many companies typically aim for 90 days to resolve reported security issues, and much of that time can be spent reaching the right people and setting the right priorities…..It appears the mother and son attempting to report this issue were passed around departments by Apple. That isn’t ideal, and something Apple needs to work on.”
Listen to Marcus and Jon Bentley of The Gadget Show discuss this here!
Keep up to date with everything How To Kill An Hour by signing up to our newsletter by clicking here!
Let us know what you think of the show by clicking here!
Click here to subscribe to our YouTube Channel to see more amazing ways to kill time!
Follow us on Twitch by clicking here!