Categories: MobilitySecurity

Apple Rushes To Block iPhone Eavesdropping Bug

Apple has disabled the group chat function in its FaceTime conferencing tool after a serious privacy flaw was uncovered that allowed users to activate microphones and listen in on remote devices.

In some cases the bug also activates cameras and transmits video to callers, unknown to users.

Apple said it is developing a fix, which it plans to distribute this week in iOS version 12.2, but it’s unclear how the company can protect the many iPhone users who rarely or never update their devices’ software.

The 9to5Mac blog first reported that the bug occurs when both  users are running version 12.1 of iOS, or newer, as well as Mac users who receive FaceTime group calls from an iOS device.

Privacy leak

According to intial reports, users discovered that they could enable FaceTime’s group chat feature  whilst a call was dialling, in such a way that they would immediately begin to receive audio through the recipient’s microphone as the device rang, before the call was received.

Users also reported that if the recipient presses the iPhone’s power button from the lock screen while the call is ringing – an action typically used to trigger a dialogue box to accept or reject a call – their device also begins transmitting video to the caller.

Throughout these actions, there is no indication on the receiver’s end that they are transmitting audio or video, with the device merely ringing as if a normal call were coming through.

Apple said in a statement: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”

Social media users suggested disabling FaceTime entirely until a fix is available, an action that can be carried out via the device’s Settings menu.

“The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk,” said New York City mayor Andrew Cuomo. “I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes.”

Unwelcome attention

Former US Federal Trade Commission chief technology officer Ashkan Soltani called the issue “quite possibly one of the most significant privacy/security bugs the company has had to deal with in recent years (if not ever?)”, and praised Apple for quickly disabling Group FaceTime.

Embarrassingly for Apple, the bug surfaced on National Privacy Day, a global event instituted by the Council of Europe in 2007.

Only hours before the flaw came to light, Apple chief executive Tim Cook said via Twitter: “Let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.”

Apple has seized upon privacy as a way of distinguishing itself from rivals such as Google and Facebook, and mounted a billboard at the CES conference in Las Vegas earlier this month that read: “What happens on your iPhone, stays on your iPhone.”

The timing of the bug’s disclosure also coincided with the company’s latest earnings report on Tuesday.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago