• Follow us

Technology

Apple Squashes FaceTime Eavesdropping Bug | Privacy

By John P. Mello Jr. Jan 30, 2019 5:00 AM PT

Apple on Monday suspended its Group FaceTime application following reports that a bug in the software allowed callers to eavesdrop on the people they were calling.

The flaw let a person making a FaceTime call listen through the phone of the person called before the call was accepted or rejected.

It also allowed access to the front-facing camera in an iPhone, both 9 to 5 Mac and BuzzFeed reported.

After making a FaceTime call from an iPhone X to an iPhone 8, a user could hear audio from the iPhone 8 before any action was taken on the call, BuzzFeed explained.

Then, when the volume down button was pressed, video streaming from the front-facing camera could be seen on the iPhone X, even though the call on the iPhone 8 hadn't been acted upon.

A user could activate video functionality from a called phone by pressing the power button from the lock screen, 9 to 5 Mac reported.

The eavesdropping bug didn't seem to work on phones in "Do Not Disturb" mode, BuzzFeed noted.

Serious Issue

Although Apple acted quickly once news of the bug went viral, the flaw is a grave one.

"The bug is serious, but thankfully Apple was in a position to mitigate it by forcing the feature to be inoperable on their server-side end," said Will Strafach, president of the Sudo Security Group, an iOS security company in Greenwich, Connecticut.

"I don't see a long-term impact, since Apple has now disabled the functionality and is quickly pushing an update," he told TechNewsWorld, "but I am sure this will be joked about for some time, similar to the 'goto fail' bug a few years ago."

What makes the bug so serious is that it allows any user to be spied on without their knowledge, said Mike Murray, chief security officer for Lookout, a San Francisco maker of mobile security products.

"All software has bugs and every company makes mistakes. What impacts a company's reputation in the long term is their ability to respond to these issues," he told TechNewsWorld.

"Apple has already published an initial mitigation and rumors have a patch being released in short order," Murray continued. "This is what should be expected from a company that takes user privacy and security seriously."

Sky Not Falling

Not everyone is wringing their hands over the "fly on the wall" bug.

"According to the rest of the world, the sky is falling right now," observed Tyler Reguly, manager of security R&D at Portland, Oregon-based Tripwire, a cybersecurity threat detection and prevention company.

"This FaceTime bug is the most critical defect we've ever encountered if social media is to be believed. I'm not sure I buy into that," he told TechNewsWorld.

"Is this bug a really stupid mistake and evidence that maybe Apple doesn't put as much thought into features as they should? Definitely," Reguly continued.

"As a colleague put it, 'How do you design a communication protocol such that it allowed communication before the connection is established?" he wondered.

"There is no doubt that Apple has some egg on their face over this one," Reguly said. "The simple fact is that stupid bugs exist everywhere because code is written by people, and people make mistakes and bad choices. It would be nice if we lived in an infallible society, but we don't."

Twitterverse Speaks

The FaceTime bug became a source of levity on Twitter.

"I am not responsible for #FaceTime's bug. Although, I do intend to take full advantage of it," wrote @immortalhuey.

Another user imagined what the bug could do for family relations. "I love this #facetime bug," wrote @Pornhub. "Imma call you and spy on you while you ignore me....MOM."

@Taylorownsme13 added this tongue-in-cheek comment to the bug feed: "So are you telling me that my friends will hear me talk about how much I hate them and how their calls annoy me before I answer and be a fake bitch?"

Other denizens of the twittersphere, though, had more serious thoughts about Apple's snafu.

"So everyone freaks out over this #FaceTime bug that basically let's anyone turn your phone into a listening device, BUT nobody gives a fuck that the Government does this to almost ALL 'smart' devices as a matter of course," declared @Socal_crypto.

"Never wanted iPhone. After this never will," added @theBeganovich.

Delayed Reaction?

Twitter is also where questions about Apple's responsiveness to bug reports have been raised.

"It has been alleged that this bug was reported days ago," Sudo's Strafach explained.

"My hope is that this will be a teachable moment on how their bug report triage processes can be improved in order to get reports to the right people more quickly," he said.

"I believe this bug serves as a reminder that mobile phones may be powerful tools these days, but they are created by humans who can make mistakes sometimes," Strafach added. "I think a lot of people already understand that, but incidents such as this bug serve as a visceral reminder which can be easily understood."

Pocket Protection

While access to Group FaceTime has been suspended, Lookout's Murray still recommends disabling the application until Apple provides a more permanent fix to the problem.

"More important than this single issue is to remember that the phone in our pocket is a powerful computer with access to all of your private life, and it should be protected like it," he cautioned.

"Many mobile malware families have the ability to listen in through the microphone, just like this Apple bug," Murray added. "A vulnerability like this reminds us how easily phones can be used to steal personal information. The malware authors and nation-state attackers already know that."

The FaceTime bug illustrates that even the most diligent companies can falter from time to time, noted George Gerchow, CSO of Redwood City, California-based Sumo Logic, an analytics company focusing on security, operations and business information.

"Even though Apple has gone through great strides to protect their users' information," he told TechNewsWorld, "this latest bug is yet another reinforcement that privacy continues to remain a major concern, regardless of your company's size or security and privacy investments."

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Read More



Leave A Comment

More News

TechNewsWorld

Apple Banishes Facebook Data Reaper From iPhones 2019-01-31 12:12:01Apple has blocked a Facebook app that paid users for total access to all network data. The controversy over use of the Facebook Research app erupted e

Apple Squashes FaceTime Eavesdropping Bug 2019-01-30 08:00:00Apple has suspended its Group FaceTime application following reports that a bug in the software allowed callers to eavesdrop on the people they were c

Apple Rumored Plotting a Game Subscription Service 2019-01-29 08:00:00A "Netflix for Games" type of service may be in Apple's future. Apple has been developing a subscription service that will function for games much

Why Intel Is in Such Horrid Condition 2019-01-28 14:22:29Intel released earnings last week. It beat expectations on the bottom line, but it missed big on the top line and the outlook was dismal. Looking unde

MakuluLinux Core OS Debuts With Impressive Desktop Design 2019-01-28 08:00:00A new Linux OS gets to the core of Linux computing with a revamped desktop environment and a new way to have fun with your daily computing tasks. Deve

YouTube TV Hits Screens Across Most of the 2019-01-24 12:06:02YouTube TV will be rolling out to an additional 95 markets in the U.S., almost doubling its coverage. The streaming video service already covers the t

Netrunner's Unique Blackbird Soars to New Heights 2019-01-23 14:54:02Blackbird, Netrunner's version 19.01 release, hit the download servers on Jan. 14, and this distro deserves to be considered bleeding-edge. Netrunner

Dutch Doc Wins 'Forget My Suspension' Case 2019-01-23 13:06:48Google must remove search results about medical regulators' conditional suspension of a Dutch physician in the first "right to be forgotten" case o

Facebook Adds Petition Feature to Global Community-Building Effort 2019-01-22 08:00:00Facebook has begun rolling out a new feature that's bound to charm political activists. Community Actions lets Facebook members create a page where

Jaguar I-Pace vs. Tesla Model 3: Which Is 2019-01-21 14:06:02To suggest that electric cars are having a painful birth would be a colossal understatement. Tesla clearly plowed this field and quickly recognized th

The Evolution of Software Security Best Practices 2019-01-18 11:34:45Independent software vendors, along with Internet of Things and cloud vendors, are involved in a market transformation that is making them look more a

Lenovo, Verizon to Reincarnate Motorola Razr as Foldable 2019-01-17 08:00:00The Motorola Razr -- once the hottest flip phone available -- is being revived as a smartphone with a foldable screen, according to reports. It will b

PCWorld

Logitech Wireless Keyboard K350 review: This ergonomic keyboard 2019-02-07 17:00:00The Logitech Wireless Keyboard K350 boasts a slightly curved, contoured keyboard. It could be just the thing for typists with aching wrists and t

Best true wireless earbuds: Free yourself from the 2019-02-07 16:53:00Truly wireless earbuds let you ditch all cables in our post-headphone jack world, but like with anything else, their quality varies. Our top picks off

The best SSDs of 2019 2019-02-07 16:42:00Switching to a solid-state drive is the best upgrade you can make for your PC. These wondrous devices obliterate long boot times, speed up how fast yo

The best online courses for learning Python 2019-02-07 15:30:00If you’re looking to learn coding or want to pick up another programming language, Python is a good choice. One of the terrific things about Pyt

Dash cam reviews: Catch the maniacs and meteors 2019-02-07 14:27:00Dash cams are already essential in many countries because of scam artists who try to create accidents so they can sue you. They’ve also proven u

Skype's cool, useful background-blurring feature goes live for 2019-02-07 13:31:00Microsoft has rolled its long-awaited background-blur feature to Skype for the PC and Mac, returning the focus to you and away from the clutter that c

Watch The Full Nerd talk about the Radeon 2019-02-07 13:17:00Join The Full Nerd gang as they talk about the latest PC hardware topics. In today's show we are diving deep into the Radeon VII reviews for both gam

4 ways the LG G8 ThinQ's time-of-flight front 2019-02-07 13:00:00With just a couple weeks left until Mobile World Congress, a clearer picture—quite literally—is beginning to emerge of LG's next flagship

Amazon's Echo Dot Kids Edition is just $35 2019-02-07 11:07:00Amazon’s Echo devices kicked off the smart speaker craze, with a variety of options to fit any connected home. The Amazon Echo Kids Edition is n

Apple is removing the Do Not Track toggle 2019-02-07 10:23:00The next update to Safari will remove the useless "Ask websites not to track me" as Apple implements stricter and smarter anti-tracking tools.

Get Your First Month Of NordVPN, Dashlane, and 2019-02-07 09:59:00From hacking attacks to viruses and system crashes, there's a myriad of threats out there that can put a major damper on your online experience. In o

The awesome Blue Yeti microphone is just $100 2019-02-07 09:41:00If you’re about to get into live streaming, creating YouTube videos for the masses, or simply want great sound out of a microphone, then today&r

FOX News

Twitter sees monthly users plunge, will stop reporting 2019-02-07 15:53:22Twitter’s monthly user base slipped 9 million year-over-year, according to the company’s fiscal fourth-quarter results, which were release

Apple releases update to prevent FaceTime spying 2019-02-07 15:12:50SAN FRANCISCO (AP) — Apple has released an iPhone update to fix a software flaw that allowed people to eavesdrop on others while using FaceTime.

WATCH: Hunters claim 'Bigfoot' sighting in Utah mountains 2019-02-07 14:53:58It's been a while since we've "heard" from the legendary creature known as Bigfoot. Now, a new video has surfaced that purportedly shows the

Lost city in South Africa revealed in stunning 2019-02-07 14:20:24Experts have created a stunning digital reconstruction of a centuries-old lost city discovered in South Africa.

Facebook slammed by Germany as watchdog slaps data 2019-02-07 11:33:23Authorities in Germany have ruled that Facebook should not be allowed to use customer data from other apps and websites to help target advertisements

Popular iPhone apps are secretly recording your screen 2019-02-07 09:40:04Several major companies are secretly recording your every move on their iPhone apps without your permission or even your knowledge, a new investi

'Fortnite' is killing the rest of the video 2019-02-07 08:20:49It was “game over” for video gaming stocks on Wednesday after two of the biggest industry names reported weak quarterly guidance in the fa

Army soldiers use 'Macbook'-sized tablet to operate multiple 2019-02-07 07:29:04The Army is refining new small drone combat tactics to accommodate emerging technologies such as AI-enabled command and control, higher resolution sen

Kayleigh McEnany says Instagram removed her Elizabeth Warren 2019-02-06 17:57:39The national spokesperson of the GOP claims Instagram banned her access from the social media site after she posted a photo of Sen. Elizabeth Warren'

NYPD to Google: Stop revealing the location of 2019-02-06 13:59:09The NYPD is calling on Google to yank a feature from its Waze traffic app that tips off drivers to police checkpoints — warning it could be cons

Apple’s HomePod struggles in crowded smart speaker market 2019-02-06 08:48:38Apple is cranking out smart speakers, but tech heads aren’t listening.

Facebook Messenger finally gets an unsend feature 2019-02-06 08:47:00You can now retract messages on Facebook Messenger—but act fast.

TechCrunch

How to prepare for an investment apocalypse 2019-02-08 11:30:57Micah Rosenbloom Contributor Micah Rosenbloom is a venture partner at Founder Collective. More posts by this contributor Business school grads and qua

Apple turns Ariana Grande and other musicians into 2019-02-08 10:36:12Just in time for the Grammy Awards, Apple has unveiled three new ads for Apple Music, featuring new singles from Ariana Grande, Khalid and Florida Geo

Mixtape podcast: Instacart’s apologetic week 2019-02-08 10:33:50It’s that time of the week again when Megan Rose Dickey and I talk about the good and could-be-better tech companies. This week, we talked

Luxury handbag marketplace Rebag raises $25M to expand 2019-02-08 10:13:44Rebag, an online resale marketplace for luxury handbags, is getting another infusion of capital as it prepares to expand its offline retail operations

Extend Fertility banks $15M Series A to help 2019-02-08 10:00:04Regal Healthcare Capital Partners backs Extend Fertility with $15 million to help the egg-freezing service expand to new markets.

AMI defends ‘good faith negotiations’ with Jeff Bezos 2019-02-08 09:47:04It’s the morning after the night before for AMI. And what a night it was. The company is officially in damage control mode after it release

Sprint calls AT&T’s 5G E label ‘false advertising’ 2019-02-08 09:38:56While it’s true that it’s going to take some time before most of us will actually be able to enjoy the benefits of 5G, that doesn’t

Opera adds a free VPN to its Android 2019-02-08 09:10:59Opera became the first browser-maker to bundle a VPN with its service, and now that effort is expanding to mobile. The company announced today that it

Spotify 2019-02-08 09:00:53Hello, and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines. This wee

Thousands of industrial refrigerators can be remotely defrosted, 2019-02-08 07:45:48Security researchers have found thousands of exposed internet-connected industrial refrigerators that can be easily remotely instructed to defrost. Mo

Spotify will now suspend or terminate accounts it 2019-02-08 07:37:35Spotify will take a harder stance on ad blockers in its updated terms of service. In an email to users today, the streaming music and podcast platform

Dixa, the ‘customer friendship’ platform, raises $14M 2019-02-08 04:00:10Dixa, a Copenhagen-based startup that offers a platform to help companies provide better and more consistent customer service across multiple channels


Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.