Android users around the around the world must be brimming with schadenfreude at the moment after a serious eavesdropping bug was discovered in Apple’s proprietary FaceTime app. The tech giant has since disabled group calls on the server side and has promised that a fix for the bug will be released later this week.
What’s the bug
1. Start a FaceTime video call.
2. While it's still ringing, swipe up from the bottom of the screen and click "Add Person."
3. Add your own phone number to the call.You'll now be able to hear the microphone from the other device, even if the owner is nowhere nearby.
— Andy Baio (@waxpancake) January 29, 2019
FaceTime is Apple’s own video-telephony app that allows iPhone and Mac users to make audio and video calls with each other. Something along the lines of Skype, Hangouts and Duo. It is pretty popular in the US, Apple’s home country, although it has a lot of users around the world too.
The app allows you to make group calls. You can, for example during an ongoing call, add another contact to the call by calling them and when they pick up they are added to call. It’s all pretty routine really and all the apps we mentioned above support it too.
Because of the “bug”, some pretty paranoid people are saying it might be a deliberate backdoor although there is no evidence to support this, allowed someone(the caller) to listen in. All you had to do was call someone using FaceTime and if they did not pick up proceed as if you were to initiate a group call, instead of adding another number you would instead add your own number, the one you used to make the initial call. For some reason this tricked FaceTime into thinking this was an already ongoing call activating the mic, and some claim camera, on the remote end.
This means you could listen to the other party even if they had not answered the call. That no doubt raises serious privacy concerns. Usually the reason why people do not pick up is because they will be otherwise engaged. Imagine if the other end is in a very confidential meeting and works for a competitor business. Lots of secrets can come out.
Apple is on it
This is pretty embarrassing for Apple who like to project the image of a company that produces polished software for high end customers. The truth though is that these things happen bugs are a reality of software. Recently for example the Debian package tool apt was revealed to have a serious flaw that could allow man in the middle attacks.
The good thing is that Apple have owned the problem and acted quickly and swiftly shutdown the loophole. They have also said their engineers are working on the problem.
We’re aware of this issue and we have identified a fix that will be released in a software update later this week.
Share
Home