Apple’s FaceTime provides people with a platform to connect with their loved ones near and far, whenever they choose. But news this week of a major bug in the FaceTime software has proven that users of iOS should be as wary of their smartphones as they are of their computers.
On Monday, it was announced that a flaw in FaceTime’s software lets users calling via Facetime hear audio coming from the recipient’s phone even before they’ve accepted or denied the call.
The bug was discovered after Grant Thompson, a 14-year-old boy from Tucson Arizona, was trying to FaceTime with a group of his friends to play video games.
Here’s how the bug works:
- First, Grant started a FaceTime with his friend Nathan, but Nathan didn’t pick up.
- Grant then swiped up and selected “Add Person” to add another friend to the FaceTime conversation originally between him and Nathan.
- The bug then forced Nathan’s phone, despite Nathan’s inaction, to pick up. Grant could then hear all the audio coming from Nathan’s phone while Nathan, oblivious to Grant’s unintended eavesdropping, went about his day.
- Even more disturbing was Grant’s discovery later that he could also press the volume up or down on his iPhone to expose Nathan’s front-facing camera.
The bug works on iPhones and iPads running iOS 12.1, and Apple PCs running macOS Mojave, which have the recently added Group FaceTime feature.
It took almost ten days for Apple to acknowledge Grant and his family’s efforts to contact them about the massive flaw in their software.
They have since apologized for the bug by releasing the following statement:
“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.”
This is one of the most significant flaws in Apple’s iOS software, and should remind millions of iPhone users worldwide that smartphones are as vulnerable to data breaches as computers.
The company’s delayed response to reports of the FaceTime bug show us that we are all at risk of cyber security breaches. We have to implement a multi-layered strategy to protect ourselves across all of our devices. Luckily, we’ve got some advice for improving your safety, whether you’re an Apple user or not.
- If you’re running iOS 12.1 or higher, disable FaceTime for now. On an iPhone or iPad, go to Settings -> FaceTime, and toggle off the green button at the top of the screen. To turn it off on a Mac, open the FaceTime app and go to FaceTime on top of the screen, then select “Turn FaceTime Off.”
- Keep all of your devices up-to-date. Software flaws such as the FaceTime bug are patched using software updates, meaning you’ll be better protected if you keep your device as up-to-date as possible.
- Get an antivirus for your phone. McAfee Total Protection offers a mobile security package that details what data your applications are collecting, geolocates your smartphone and gives you the option to wipe it remotely, flags fishy sites, and protects your smartphone from malware. Get McAfee now and protect up to 5 devices in your home with a discount from FixMeStick.