Apple to fix FaceTime bug that permits eavesdropping

Apple is tackling a FaceTime glitch just as the company stresses its commitment to user privacy. The company has already disabled the troublesome group-chat function, and is expected to produce a software update later this week.

Apple has disabled a group-chat function in FaceTime after users said a software bug could let callers activate another person's microphone remotely.

With the bug, a FaceTime user calling another iPhone, iPad, or Mac computer could hear audio – even if the receiver did not accept the call. The bug is triggered when callers add themselves to the same call to launch a group chat. That makes FaceTime think the receiver had accepted the chat.

The bug, demonstrated through videos online, comes as an embarrassment for a company that is trying to distinguish itself by stressing its commitment to users' privacy.

"This is a big hit to their brand," said Dave Kennedy, CEO of Ohio-based security firm TrustedSec. "There's been a long period of time people could have used that to eavesdrop. These things definitely should be caught prior to ever being released."

There is no longer a danger from this particular bug as Apple disabled group chats, while regular, one-on-one FaceTime remains available.

NBC News and The Wall Street Journal reported Tuesday that the family of a high school student in Tucson, Ariz., tried to inform Apple about the bug more than a week before it became widely known to the public. The boy, Grant Thompson, said he discovered it by accident while calling friends to play the game "Fortnite."

It's hard to know if anyone exploited the bug maliciously, said Erka Koivunen, chief information security officer for Finnish company F-Secure. He said it would have been hard to use the bug to spy on someone, as the phone would ring first – and it's easy to identify who called.

Apple said Tuesday that a fix will come in a software update later this week. Apple declined to say when it learned about the problem. The company also wouldn't say if it has logs that could show if anyone took advantage of the bug before it became publicly known this week.

Kennedy commended Apple's quick response this week following reports of the bug by tech blogs. He predicted the reputational dent could soon be forgotten if it doesn't become part of a pattern.

"All bugs are obvious in retrospect," said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. "The truth is bugs are subtle, code is complicated and sometimes things get through."

Ms. Galperin said Apple should develop a better process for fielding reports about potential security flaws. She said the high school student's discovery of the problem "just tells us a lot about reporting security bugs depends on knowing the right person."

Apple had introduced the 32-person video conferencing feature in October for iPhones, iPads, and Macs. Regular FaceTime calls aren't affected unless the caller turns it into a group chat.

Word of the bug came as Apple reported that profit for the last three months of 2018 dipped slightly to $20 billion while revenue fell 5 percent from the prior year to $84 billion. Earlier this month, Apple said that demand for iPhones was waning and that its earnings for the final quarter of 2018 would be below its own forecasts – a rare downgrade from the company.

This story was reported by The Associated Press. 
