A serious FaceTime bug that let iPhone users eavesdrop on the person they were calling was all over the news on Tuesday, January 29. It now appears that a teen and his mom tried to warn Apple about the flaw multiple times in the past week, but without success.
Only when the issue went viral on Tuesday did Apple acknowledge the bug’s existence. Its initial response was to disable FaceTime’s recently launched group call feature, a move that prevented people from exploiting the flaw. It then said it’s aiming to fix the problem by the end of this week.
Arizona resident Michele Thompson claims her son, Grant, stumbled upon the issue by chance nine days ago when he was trying to contact friends on Apple’s video chat app, CNN reported.
Ms. Thompson said she had tried to alert the company to the issue a number of times — including emailing and tweeting Apple CEO Tim Cook — but to no avail.
Then, on January 21, a full eight days before Apple tackled the security issue, she took to Facebook and Twitter to voice her concerns, writing: “My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff!”
My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews
— MGT7 (@MGT7500) January 21, 2019
She eventually learned that a developer account was required to report the flaw, and so, still keen to make sure Apple got to hear about the problem, Thompson emailed a bug report and a video showing how to replicate it to the iPhone maker’s Product Security department.
She said later that Apple’s reporting process was “poorly set up, especially for the average citizen,” telling CNN that the experience had been “exhausting and exasperating.”
On Tuesday, once news outlets got hold of the story, Apple finally disabled the group call feature to prevent the bug from being exploited. The feature only launched last year, with the flaw reportedly affecting iDevices running iOS 12.1 or later, and also Mac computers.
Users could exploit the bug by starting a FaceTime call on their Apple handset, then swiping up and tapping Add Person. Inputting your own phone number and adding it would connect the call without the recipient realizing.
In a Facebook message posted before the issue went viral, Grant’s mother requested “an iPhone X, a MacBook and a new pair of AirPods for his trouble.” Apple doesn’t hand out goodies for bug reports, though it does offer cash rewards for important discoveries as part of its bug bounty program.
The tech colossus is now working to squash the bug and has disabled group calls, but if you’d prefer to log out of FaceTime altogether until the fix arrives, then Digital Trends has a handy guide detailing the steps you need to take.
