Apple To Fix FaceTime Bug That Allows Eavesdropping
Apple has disabled a group-chat function in FaceTime after users said a software bug could let callers activate another person’s microphone remotely.
With the bug, a FaceTime user calling another iPhone, iPad or Mac computer could hear audio — even if the receiver did not accept the call. The bug is triggered when callers add themselves to the same call to launch a group chat. That makes FaceTime think the receiver had accepted the chat.
The bug, demonstrated through videos online, comes as an embarrassment for a company that is trying to distinguish itself by stressing its commitment to users’ privacy.
“This is a big hit to their brand,” said Dave Kennedy, CEO of Ohio-based security firm TrustedSec. “There’s been a long period of time people could have used that to eavesdrop. These things definitely should be caught prior to ever being released.”
Kennedy, however, commended Apple’s quick response this week following reports of the bug by tech blogs. He predicted the reputational dent could soon be forgotten if it doesn’t become part of a pattern.
“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” Apple said in a statement Tuesday.
Its online support page noted that there was a technical issue with the application and that Group FaceTime “is temporarily unavailable.”
Apple had introduced the 32-person video conferencing feature in October for iPhones, iPads and Macs. Regular, two-person FaceTime calls aren’t affected unless the caller turns it into a group chat.
It’s hard to know if anyone exploited the bug maliciously, said Erka Koivunen, chief information security officer for Finnish company F-Secure. He said it would have been hard to use the bug to spy on someone, as the phone would ring first — and it’s easy to identify who called.
New York Gov. Andrew Cuomo released a statement warning people about the bug and urging people to disable the app until Apple fixes the issue.
Apple was due to report its latest quarterly earnings Tuesday amid intense investor interest in the company’s financial health. Earlier this month, Apple said that demand for iPhones was waning and that its earnings for the final quarter of 2018 would be below expectations — a rare downgrade from the company.
Teenager And His Mom Tried To Warn Apple of FaceTime Bug
Michele Thompson said it was frustrating trying to get the attention of one of the world’s largest technology companies.
An Arizona teenager and his mother spent more than a week trying to warn Apple Inc. of a bug in its FaceTime video-chat software before news of the glitch—which allows one FaceTime user calling another in a group chat to listen in while the recipient’s Apple device is still ringing—blew up on social media Monday.
In the days following their discovery, the pair posted on Twitter and Facebook, called and faxed Apple, and learned they needed a developer account to report the bug. They eventually traded a few emails, viewed by The Wall Street Journal, with Apple’s security team.
But it wasn’t until word of the bug started spreading more widely on social media that Apple disabled the software feature at the heart of the issue.
Michele Thompson said her 14-year-old son, Grant, discovered the issue Jan. 20. She said it was frustrating trying to get the attention of one of the world’s largest technology companies.
“Short of smoke signals, I was trying every method that someone could use to get a hold of someone at Apple,” said Ms. Thompson, 43, who lives with her son in Tucson.
The bug, revealed while Apple is touting its commitment to user privacy to distinguish itself from other big tech companies, affects FaceTime software running on iPhones, iPads and Mac computers. It isn’t clear when the glitch originated, though it affects a multiperson video-chat function called Group FaceTime that Apple launched in October 2018.
On Monday, New York Governor Andrew Cuomo took the unusual step of issuing a consumer alert on the issue. “The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk,” he said in a statement.
Apple disabled the Group FaceTime feature late Monday. A spokeswoman said late Monday Apple was aware of the issue and expected to release a software fix this week.
Informed of Ms. Thompson’s claims Tuesday morning, the spokeswoman declined to comment further.
Grant, a high-school freshman, was setting up a FaceTime chat with friends ahead of a “Fortnite” videogame-playing session when he stumbled on the bug. Using FaceTime, Mr. Thompson found that as he added new members to his group chat, he could hear audio from other participants, even if they hadn’t answered his request to join the chat.
He was surprised. That gave him a way of listening in on people without their consent while calls were ringing, a period that typically lasts less than a minute.
Grant did what any responsible teenage security researcher would do: He went to mom. “I was interested to see if we could report to Apple,” Grant said.
Starting Sunday of last week, Ms. Thompson posted Twitter and Facebook messages she hoped would be seen by Apple’s social-media or support team. She followed with a now-deleted Twitter message to Apple Chief Executive Tim Cook. By Tuesday, she had faxed and phoned the company directly.
Ms. Thompson finally spoke with an Apple support representative that day about the bug. “He called me back and he really had no information,” she said. “He said there’s really nothing I could do. You have to register as a developer and submit it.”
Apple’s Bug Reporter program requires a person to sign in with an Apple ID and a developer account, according to the company’s website.
Ms. Thompson, who is an attorney, registered herself as an Apple developer to participate in the program. Since 2016, Apple has paid out cash bounties to researchers who discover significant bugs. Ms. Thompson hoped she might secure a payout for her son, she said.
While companies are increasingly adding bug-bounty programs, they aren’t always integrating them with their social media and support teams, said Katie Moussouris, CEO of Luta Security Inc., which advises companies on such programs. “Apple has a good reputation for having solid engineering, but that doesn’t mean that the intake process is completely worked out,” she said.
According to emails viewed by the Journal, Ms. Thompson heard back from Apple’s security team on Wednesday, Jan. 23. At around 11:15 p.m. on Friday, she emailed them a description of the issue, along with a link to a YouTube video in which she and her son demonstrated how to exploit the bug.
Late yesterday, Apple disabled the group chat function in FaceTime after news of the bug was made public on social media. Security experts recommend disabling FaceTime until Apple issues a patch; the company expects to issue one later this week.
Ms. Thompson said she doesn’t know how the bug was made public.
She isn’t sure whether she or Grant will get a bounty or even a thank-you note from Apple for their efforts. “It’s just hard for the average citizen to report anything,” she said.
Michele G Thompson about a week ago
My son just found a major flaw in Apple’s new iOS, that allows you to hear another person in the vicinity of their iPhone or iPad. I’ve verified it several times myself and was able to listen in on both of my kids, which can be done without their knowledge. We just submitted the bug report to Apple and are waiting to hear back. We won’t provide the details since it’s a major security risk, but it’s unbelievable that my 14-year-old figured this out. Of course, he’d like an iPhone X, a MacBook and a new pair of AirPods for his trouble. Apple-we’re waiting for your call.
Apple Apologizes for FaceTime Bug, Sets Fix for Next Week
The glitch was an embarrassment for Apple, which has marketed the security and privacy of its devices and criticized tech rivals for their data collection.
Apple Inc. apologized for a security flaw in its FaceTime video-chat system and said a software fix is coming next week, as the iPhone maker sought to assure customers it moved fast to address an embarrassing vulnerability that drew the attention of government officials.
“We sincerely apologize to our customers who were affected and all who were concerned about this security issue,” an Apple spokesman said in a statement Friday. “We appreciate everyone’s patience as we complete this process.”
The apology came two days after New York Governor Andrew Cuomo and Attorney General Letitia James said the state would investigate Apple’s response to a bug that allowed one FaceTime user calling another in a group conversation to eavesdrop while the recipient’s device was still ringing. The bug affected FaceTime running on iPhones, iPads and Macs.
The glitch was a high-profile setback for a company that has marketed the security and privacy of its devices, and has criticized other technology companies for collecting users’ personal data. Apple this week punished Facebook Inc. and Google, a division of Alphabet Inc., for violating its developer policies by releasing apps that gathered information from customers using Apple devices in exchange for compensation.
In its statement Friday, Apple thanked an Arizona teenager and his mother for shedding light on the bug. Though the family reported it more than a week ago, Apple didn’t disable the Group FaceTime feature linked to the problem until Monday, when the issue blew up on social media.
An Apple spokesman didn’t respond to questions about whether the Thompson family of Tucson, Ariz., would be rewarded for their work. Michele Thompson had hoped her 14-year-old son, who discovered the issue, might secure a payout from Apple, which has offered cash bounties since 2016 to researchers who discover significant bugs.
Apple said its engineering team quickly disabled Group FaceTime after it became aware of the bug and began working quickly to fix the issue. It added that the company is committed to improving the process for receiving and responding to reports of software bugs.
Ms. Thompson said she tried to communicate the problem to Apple through social media, fax and phone but struggled to get the attention of the tech giant’s security team. She eventually registered as a developer in order to submit the bug.
Apologies, once rare for Apple, have become more common. In December 2017, it issued an apology for a software feature that slowed the performance of iPhones with older batteries. The company is facing civil litigation over that issue in U.S. District Court in Northern California.
“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week,” Apple said. “We thank the Thompson family for reporting the bug.”
Apple To Reward Teen As It Patches FaceTime Bug
The tech giant plans to make a gift toward Arizona teenager’s education
Apple Inc. plugged a major flaw in its FaceTime video-chat software Thursday, and said it would pay a 14-year-old from Arizona for reporting the problem.
Grant Thompson, a freshman at Tucson’s Catalina Foothills High School, found the bug a little more than two weeks ago as he chatted with friends while playing the videogame “Fortnite.” His mother, Michele Thompson, spent the better part of a week unsuccessfully trying to notify the tech giant of the flaw.
The bug is a serious one: It allows one FaceTime user calling another in a group chat to listen in—or even see video—while the recipient’s Apple device is still ringing. Apple last week apologized for the flaw, an embarrassing vulnerability for a company that heavily markets the security and privacy of its devices. The bug caught the attention of New York Governor Andrew Cuomo and Attorney General Letitia James, who said the state would investigate.
Apple said it plans to compensate the Thompson family and will make a gift toward Grant’s education. It declined to say how much it will pay. Apple runs a “bug bounty” program that in some cases can pay up to hundreds of thousands of dollars to researchers reporting bugs.
Apple also credited a second person, Daven Morris of Arlington, Texas, with reporting the issue.
After learning of the bug last week, Apple disabled its Group FaceTime feature, which was the source of the bug, and began work on a patch for the issue.
Monty H. & Carolyn A.