https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
Yesterday
Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up
Benjamin Mayo
- Jan. 28th 2019 3:41 pm PT
@bzamayo
163 Comments
A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”. (Update: Apple has taken Group FaceTime offline in an attempt to address the issue in the interim).
Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.
Update: There’s a second part to this which can expose video too …
Try Amazon Prime 30-Day Free Trial
9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.
Here’s how to do the iPhone FaceTime bug:
Whilst the call is ringing, swipe up from the bottom of the screen and add yourself to the call.
The damage potential here is real. You can listen in to soundbites of any iPhone user’s ongoing conversation without them ever knowing that you could hear them. Until Apple fixes the bug, it’s not clear how to defend yourself against this attack either aside from disabling FaceTime altogether.
As it stands, if your phone is ringing with an incoming FaceTime request, the person on the other end could be listening in.
What we have also found is that if the person presses the Power button from the lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.)
We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration.
Apple has said the issue will be fixed in a software update later in the week. Until then, if you are concerned, you should disable FaceTime in iOS Settings.
https://www.theguardian.com/technol...cetime-bug-listen-calls-iphone-glitch-privacy
The Guardian - Back to home
Support The Guardian
Contribute
Subscribe
Search jobs
Sign in
Search
iPhone
Apple rushes to fix FaceTime bug that let users eavesdrop on others
Firm disables Group FaceTime over serious glitch which can also turn on video without people’s knowledge
Julia Carrie Wong in San Francisco and Alex Hern
Tue 29 Jan 2019 09.21 GMT First published on Tue 29 Jan 2019 02.39 GMT
Shares
2,176
The bug turns the phone of the recipient of a FaceTime call into a microphone while the call is still ringing. Photograph: Nicolas Asfouri/AFP/Getty Images
Apple has made the group functionality on its FaceTime application temporarily unavailable as it rushes to fix a glitch that allowed users to listen in on the people they were calling when they did not pick up the call. Under certain circumstances, the glitch also allowed callers to see video of the person they were calling before they picked up.
The Guardian confirmed the existence of the bug, which was first reported by 9to5Mac. It turned the phone of the recipient of a FaceTime call into a microphone while the call was still ringing. If the recipient of the call pressed the power button on the side of the iPhone – an action typically used to silence or ignore an incoming call – their phone would begin broadcasting video to the initial caller.
Why you shouldn’t post photos of friends without permission
Read more
Apple did not immediately respond to a request for comment from the Guardian. The company told Reuters it was aware of the problem and would release a software update “later this week”.
In the meantime, the Group FaceTime feature was temporarily made unavailable, according to Apple’s system status webpage. By disabling that feature at the source, the company appears to have prevented any further exploitation of the bug.
The flaw was discovered amid increasing concern over privacy by regulators around the globe and – embarrassingly for Apple – was exposed on Data Privacy Day, a global event instituted by the Council of Europe in 2007 to raise awareness among businesses and consumers about the importance of protecting privacy. Hours before the bug was first revealed to the public, Tim Cook, Apple’s chief executive, had tweeted that “the dangers are real and the consequences are too important” to not institute “vital privacy protections”.
The bug was discovered the day before Apple’s quarterly results call, already expected to be a fraught affair due to the company’s unprecedented decision to slash its revenue forecast by at least $5bn (£3.8bn). Cook blamed a slowdown in China for the reduction in earnings, and cited a battery replacement programme, foreign exchange fluctuations, and the end of carrier subsidies for new phones as compounding factors.
Apple has attempted to distinguish itself from rival technology companies such as Google and Facebook by boasting about its privacy record. In early January, the company ran a 13-floor billboard in Las Vegas stating, “What happens on your iPhone, stays on your iPhone” during the Consumer Electronics Show.
While Apple’s decision to shut down Group FaceTime appears to have protected against further attempts to exploit the bug, users wishing for an extra degree of security may wish to disable FaceTime entirely in their phones’ settings (a single switch located under the FaceTime submenu). Apple’s next software update, expected to be iOS 12.2, will be released later this week, the company says, and will contain a permanent fix.
Even then, it is not clear whether, or how, Apple will extend that protection to users who don’t update their phones to the latest operating system, either because they can’t, won’t, or don’t know how to. While the company keeps Group FaceTime switched off, those users are secure, but it remains uncertain whether they would be freshly exposed when the feature is restored.
The immediate reaction to the bug has been shock on the part of privacy and security experts. Ashkan Soltani, the former chief technology officer of the US Federal Trade Commission, called it “quite possibly one of the most significant privacy/security bugs the company has had to deal with in recent years (if not ever?),” and praised the speed with which Apple had disabled Group FaceTime.
Yesterday
Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up
Benjamin Mayo
- Jan. 28th 2019 3:41 pm PT
@bzamayo
163 Comments
A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”. (Update: Apple has taken Group FaceTime offline in an attempt to address the issue in the interim).
Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.
Update: There’s a second part to this which can expose video too …
9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.
Here’s how to do the iPhone FaceTime bug:
- Start a FaceTime Video call with an iPhone contact.
- Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
- Add your own phone number in the Add Person screen.
- You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
Whilst the call is ringing, swipe up from the bottom of the screen and add yourself to the call.
The damage potential here is real. You can listen in to soundbites of any iPhone user’s ongoing conversation without them ever knowing that you could hear them. Until Apple fixes the bug, it’s not clear how to defend yourself against this attack either aside from disabling FaceTime altogether.
As it stands, if your phone is ringing with an incoming FaceTime request, the person on the other end could be listening in.
What we have also found is that if the person presses the Power button from the lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.)
We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration.
Apple has said the issue will be fixed in a software update later in the week. Until then, if you are concerned, you should disable FaceTime in iOS Settings.
https://www.theguardian.com/technol...cetime-bug-listen-calls-iphone-glitch-privacy
The Guardian - Back to home
Support The Guardian
Contribute
Subscribe
Search jobs
Sign in
Search
iPhone
Apple rushes to fix FaceTime bug that let users eavesdrop on others
Firm disables Group FaceTime over serious glitch which can also turn on video without people’s knowledge
Julia Carrie Wong in San Francisco and Alex Hern
Tue 29 Jan 2019 09.21 GMT First published on Tue 29 Jan 2019 02.39 GMT
Shares
2,176
The bug turns the phone of the recipient of a FaceTime call into a microphone while the call is still ringing. Photograph: Nicolas Asfouri/AFP/Getty Images
Apple has made the group functionality on its FaceTime application temporarily unavailable as it rushes to fix a glitch that allowed users to listen in on the people they were calling when they did not pick up the call. Under certain circumstances, the glitch also allowed callers to see video of the person they were calling before they picked up.
The Guardian confirmed the existence of the bug, which was first reported by 9to5Mac. It turned the phone of the recipient of a FaceTime call into a microphone while the call was still ringing. If the recipient of the call pressed the power button on the side of the iPhone – an action typically used to silence or ignore an incoming call – their phone would begin broadcasting video to the initial caller.
Why you shouldn’t post photos of friends without permission
Read more
Apple did not immediately respond to a request for comment from the Guardian. The company told Reuters it was aware of the problem and would release a software update “later this week”.
In the meantime, the Group FaceTime feature was temporarily made unavailable, according to Apple’s system status webpage. By disabling that feature at the source, the company appears to have prevented any further exploitation of the bug.
The flaw was discovered amid increasing concern over privacy by regulators around the globe and – embarrassingly for Apple – was exposed on Data Privacy Day, a global event instituted by the Council of Europe in 2007 to raise awareness among businesses and consumers about the importance of protecting privacy. Hours before the bug was first revealed to the public, Tim Cook, Apple’s chief executive, had tweeted that “the dangers are real and the consequences are too important” to not institute “vital privacy protections”.
The bug was discovered the day before Apple’s quarterly results call, already expected to be a fraught affair due to the company’s unprecedented decision to slash its revenue forecast by at least $5bn (£3.8bn). Cook blamed a slowdown in China for the reduction in earnings, and cited a battery replacement programme, foreign exchange fluctuations, and the end of carrier subsidies for new phones as compounding factors.
Apple has attempted to distinguish itself from rival technology companies such as Google and Facebook by boasting about its privacy record. In early January, the company ran a 13-floor billboard in Las Vegas stating, “What happens on your iPhone, stays on your iPhone” during the Consumer Electronics Show.
While Apple’s decision to shut down Group FaceTime appears to have protected against further attempts to exploit the bug, users wishing for an extra degree of security may wish to disable FaceTime entirely in their phones’ settings (a single switch located under the FaceTime submenu). Apple’s next software update, expected to be iOS 12.2, will be released later this week, the company says, and will contain a permanent fix.
Even then, it is not clear whether, or how, Apple will extend that protection to users who don’t update their phones to the latest operating system, either because they can’t, won’t, or don’t know how to. While the company keeps Group FaceTime switched off, those users are secure, but it remains uncertain whether they would be freshly exposed when the feature is restored.
The immediate reaction to the bug has been shock on the part of privacy and security experts. Ashkan Soltani, the former chief technology officer of the US Federal Trade Commission, called it “quite possibly one of the most significant privacy/security bugs the company has had to deal with in recent years (if not ever?),” and praised the speed with which Apple had disabled Group FaceTime.
