View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 29, 2019updated 30 Jan 2019 9:03am

Apple FaceTime Bug: Teenager Spotted Vulnerability 9 Days Ago

Was vulnerability reported 9 days ago and ignored?

By CBR Staff Writer

A soon-to-be famous teenager discovered a major Apple FaceTime bug in its group chat feature nine days ago, it appears, with Twitter user MGT7500 tagging the official Apple Support account in a January 20 tweet that claims their 14-year-old son discovered the “major security flaw”, but drawing no response.

The bug allows users to hear audio from the person they’re calling – even before they have answered the phone. Knowledge of how to use it spread virally after being picked up by users and then reported on 9to5mac.com. It is believed to have affected any pair of iOS devices running iOS 12.1 or later.

Apple was forced to acknowledge the issue on Data Privacy Day.

As Arstechnica explains, to make the bug work iOS users had to:

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
  • apple facetime bugTap on a contact on their iPhone to start a FaceTime call with them.
  • Swipe up and tap “Add Person.”
  • Instead of adding a new person, enter their own number and add themself as another participant in the Group FaceTime call.

The apparent early identification of the bug sparked a flurry of interest on social media as journalists awaited the story, and also triggered a fresh debate about the utility or otherwise of bug bounty programmes.

“This was yet another vulnerability handling process issue that is *not* solved by having a strong security engineering team and even a bug bounty”, Katie Moussouris, the CEO of Luta Security and a world-renowned expert on vulnerability disclosure programmes emphasised, amid information security industry chatter about the right channel to report vulnerabilities on.

With Apple having disabled group FaceTime chat functions until the issue is patched, some users had other, older fashioned suggestions to boost smartphone security amid seemingly endless vulnerabilities and user data exploitation issues: introduce hard switches for microphone, camera and GPS.

It seems unlikely to happen anytime soon, but the enterprising manufacturer that gives users back real control might just make a fine profit.

See also: Apple “Vulnerability” Could Have Been Exploited Since 2005

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU