Apple Disables Group FaceTime Following Reports of a Security Flaw that Allowed Eavesdropping

Apple Disables Group FaceTime Following Reports of a Security Flaw that Allowed Eavesdropping

A glitch in Apple's FaceTime app let users hear—and see—the other person even if the recipient never accepted the call.

Tech giant Apple has disabled the group chat function in their FaceTime app after security researchers found that the recipient of a call could be heard, sometimes even seen, without ever having answered the FaceTime call. The security flaw was widely reported on Monday leaving the company with no other option than disabling the feature until a fix could be found and rolled out.

The flaw is unusual for the iPhone maker as it prides itself on its strong privacy safeguards and comes at the height of scrutiny on technology companies that are often accused of violating users' privacy.

The security glitch was first reported by 9to5Mac, which wrong that the bug, "which was spreading virally over social media," lets you "immediately hear the audio coming from their phone." The trade publication listed in full detail the steps one would need to take to reproduce the glitch, which involved starting a FaceTime video call with an iPhone contact and then immediately adding your own phone number to the call. 

This move would trick the phone into starting a group FaceTime call and activate the other person's audio. If the recipient hit the power or volume button, the phone would broadcast video as well, The Verge reported.

The bug only worked on devices that had upgraded to iOS 12.1, which introduced group video calling. In a statement provided to several media outlets, Apple said it is "aware of this issue and we have identified a fix that will be released in a software update later this week."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.