Apple disables Group FaceTime After Potential Security Bug
A 14-year-old discovered the Group FaceTime bug, and his mother tried to warn Apple
Apple disabled its Group FaceTime feature in iPhones after multiple reports that users could initiate a FaceTime call and begin listening in on a recipient’s audio without them picking up the call or knowing they were being monitored.
The bug occurred after a user initiated a FaceTime video call with another iPhone or device running iOS and added themselves to the call while it was dialing, according to 9to5Mac, which first revealed the major privacy and security issue. This created a conference call that allowed the user to eavesdrop on the audio transmitted by the recipient.
The malfunction was replicated by Bloomberg News, which also claimed that video of a caller could be secretly transmitted if the recipient pressed the power button or the volume controls on their device.
[Apple says sales fell in the first quarter]
“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” Apple said in a statement to The Washington Post on Tuesday.
According to the Wall Street Journal, a 14-year-old in Arizona discovered the same security flaw earlier this month while he was using FaceTime to set up a Fortnite gaming session with friends. According to the report, the teenager’s mother, Michele Thompson, reported the bug to Apple, calling and faxing the company, and emailing with the security team days before news reports were published about the bug. The mother and son also posted about the issue on social media, but Thompson said it was frustrating trying to get Apple’s attention, the report said, and she isn’t sure how knowledge of the bug was made public. Thompson and Apple did not respond to requests for comment about her son’s discovery.
Apple has disabled Group FaceTime until it fixes the issue.
Apple’s system status Web page, which lets users know whether an app or service has a problem, says that “Group FaceTime is temporarily unavailable.” The group video-calling feature was disabled at 10:16 p.m. Monday and remains offline.
Users can disable FaceTime by tapping settings, scrolling down to the FaceTime app and toggling it off.
The security lapse is especially significant because Apple markets itself as a consumer tech company dedicated to privacy and security. The company has also tried to distinguish itself from rival Silicon Valley tech giants by emphasizing its commitment to excellence in hardware, in contrast to business models that rely on widespread data collection.
After the eavesdropping reports, New York Gov. Andrew M. Cuomo (D) issued a consumer alert Monday night, urging consumers to disable FaceTime on their devices.
“The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk,” Cuomo said in the alert. “In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes. In light of this bug, I advise New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay.”
Jack Dorsey, chief executive of Twitter, also chimed in. He told his more than 4 million followers on the social media platform he runs to “disable FaceTime for now until Apple fixes.”