More On Apple's FaceTime Bug - Threatwire Crosspost (Patreon)

By Shannon Morse, Threatwire 

Last week, a major bug surfaced by 9to5Mac, detailed how iPhone users could use FaceTime group chats to snoop on the audio from other phones without their knowledge.  All someone would have to do is call another user using FaceTime, and they would immediately hear the audio from the receivers phone before they accepted or rejected the call. The ringer rings as normal, so the receiver would know someone was calling, but they wouldn’t be able to tell if you could hear their audio before they actually picked up. 

Many iPhone users took to social media expressing their concerns at the ease of this vulnerability. You’d first have to start a FaceTime Video Call to an iPhone contact, then, when it’s dialing, swipe up from the bottom and tap Add Person. Add your own phone number on the Add Person screen, then start a group FaceTime call with yourself and the audio of the contact. 

To make matters worse, this flaw could also be used to snoop on the video feed of the user. To do this, all a user would have to do is press the power button while on the lock screen, which also would send their video to the caller. According to BuzzFeedNews, pressing volume down did something similar. While the underlying cause wasn’t specified, security researchers think that bad logic coding of the group FaceTime processes could be the problem.

After this news broke, it was discovered that a 14-year-old boy found this flaw over a week prior to the news article, while playing Fortnite with his friends. The boy stumbled upon the bug on January 19, while trying to initiate a group FaceTime call. His mother reported this problem to Apple through a series of posts and emails, but to no avail. It appears Apple knew or should have known about the problem for a week before actually getting around to fixing it. While they did respond to one of her reports on January 23, it was not clear to the mother that they were fixing it.

Apple disabled the group FaceTime feature on January 29, and it has since been listed as temporarily unavailable on their system status page. Before that, the best option was just to disable FaceTime in the iOS settings.

Apple is now experiencing legal concerns related to this bug. They have been sued by a Houston-based lawyer, who claims someone eavesdropped on a conversation. New York Attorney General Letitia James has also initiated a formal investigation into the bug.

A software patch will be made available to users this week in iOS 12.1.4. To update, simply go to your settings app, general, and software update.

https://www.buzzfeednews.com/article/nicolenguyen/facetime-bug-iphone

https://www.cnet.com/news/apples-facetime-bug-was-discovered-by-a-teen-playing-fortnite/

https://twitter.com/MGT7500/status/1087171594756083713

https://twitter.com/MGT7500/status/1090079031666438144

https://twitter.com/BEASTMODE/status/1090298850764644352

https://www.cyberscoop.com/facetime-bug-group-chat-disabled-apple-ios-macos/

https://www.apple.com/support/systemstatus/

https://www.zdnet.com/article/iphone-facetime-bug-now-apple-sued-over-eavesdrop-on-lawyers-client-phone-call/

https://www.cnet.com/news/apple-facetime-bug-prompts-investigation-from-ny-attorney-general/

https://www.zdnet.com/article/ios-12-1-4-is-coming-to-fix-the-worst-iphone-and-ipad-bug-to-date/