A jaw-dropping flaw in Apple’s FaceTime software allows users to eavesdrop on others while a call is still ringing, according to 9to5Mac.
The bug works by simply dialling another user, then swiping up and inserting the originating number via the “Add Person” screen before the call is answered. FaceTime is apparently tricked into believing that a conference call is occurring, and transmits audio from the recipient’s device whether or not they have accepted or rejected the call.
Gizmodo was able to replicate the bug in a matter of seconds simply by following those steps.
According to the Verge, this very serious security issue is compounded by another: While said “conference call” is happening, if the recipient hits the power or volume button to ignore the call, their device will start sending audio as well as video from its front-facing camera, again without any visual notification (though in this instance, it also activates the caller’s audio). That flaw was further confirmed by Mashable and BuzzFeed News, the latter of which noted that activating Do Not Disturb mode appears to at least block microphone access.
According to 9to5Mac, the issue is even more serious with Mac computers:
We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration.
Apple told BuzzFeed News in a statement that it is “aware of this issue and we have identified a fix that will be released in a software update later this week.” However, since it appears that any FaceTime user with a device that supports Group FaceTime (iOS 12.1/macOS Mojave 10.14.1 or later) could be streaming audio or video to anyone without their knowledge, and the steps required to do this are both trivial and currently making the rounds on the internet, everyone should absolutely disable FaceTime until Apple gets around to fixing this.
On an iOS device, simply navigate to the Settings application and switch the toggle on the FaceTime icon to grey. On a Mac, open the FaceTime app, then click FaceTime in the menu bar and select “Turn off FaceTime.”
Update: Looks like Group FaceTime has indeed been temporarily disabled by Apple:
Apple killed FaceTime conferencing server side it seems. Right move. pic.twitter.com/H23W2tirgr
— Mark Gurman (@markgurman) January 29, 2019