Major iPhone FaceTime bug lets you hear the audio of the person you are calling....

Forums › Apple iOS and devices › Major iPhone FaceTime bug lets you hear the audio of the person you are calling....

premiumtouring

355 posts

Ultimate Geek

#245323 29-Jan-2019 13:03

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

"A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

Here’s how to do the iPhone FaceTime bug:

Start a FaceTime Video call with an iPhone contact.
Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
Add your own phone number in the Add Person screen.
You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen."

This is quite a bug indeed. I wonder if they can disable this in the backend somehow?

RunningMan

8953 posts

Uber Geek

#2169604 29-Jan-2019 13:24

iOS 12.1.3 which was released about 5 days ago fixes a Facetime security issue.

The issue may have already been patched. OTOH, it may have been introduced with 12.1.3!

empacher48

368 posts

Ultimate Geek

#2169618 29-Jan-2019 13:52

I just tried that between myself and my wife, both running iOS 12.1.3 and couldn't get it to work.

alasta

6703 posts

Uber Geek

Trusted

Subscriber

#2169626 29-Jan-2019 14:03

Given the number of minor bugs in iOS it was only a matter of time before Apple's sloppy software development resulted in an embarrassing screw up like this. Hopefully they will learn from it, but maybe that's wishful thinking.

muppet

2568 posts

Uber Geek

Trusted

#2169644 29-Jan-2019 14:40

We just tested this here at my work and it works very well.

Not sure of the iOS versions though.

mattwnz

20141 posts

Uber Geek

#2169648 29-Jan-2019 14:45

All software has bugs so not surprising with something as complex as this.

MadEngineer

4271 posts

Uber Geek

Trusted

#2169656 29-Jan-2019 15:07

Swipe up from bottom only has volume/brightness controls etc, nothing to add callers?

Edit - watched the video of it, my FaceTime call screen looks completely different with no swipe up function.

You're not on Atlantis anymore, Duncan Idaho.

antoniosk

2358 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2169937 29-Jan-2019 22:09

We tried it, and can’t get it to work.

The use case is odd - call person B, then add yourself into the call group while paging is still happening to establish the call paths. Feels like a loop back put in for test ease, but still a little sloppy to let it go out.

Personal view is I trust apple to fix this bloody fast, while android would roll it into next years OS release, for Samsung to ignore completely .

________

Antoniosk

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Brumfondl

1187 posts

Uber Geek

Trusted

#2169939 29-Jan-2019 22:27

Apparently, the Group FaceTime servers have been taken down. They may remain so until the patch for this is issued.

Benjip

943 posts

Ultimate Geek

ID Verified

#2170044 30-Jan-2019 09:15

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.

corksta

2397 posts

Uber Geek

Trusted

Subscriber

#2170255 30-Jan-2019 15:26

Benjip:
What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.

Group FaceTime has been disabled by Apple at the server level so this bug is no longer an issue until it’s patched.

mattwnz

20141 posts

Uber Geek

#2170265 30-Jan-2019 15:51

I had been getting calls on facetime from unknown numbers at all times of the day, so I suspect that some scammers had been using this bug. I did block the numbers from calling me. It is certainly a bad one, if they can listen in without me even accepting the call.

sailedpeep

83 posts

Master Geek

#2170493 30-Jan-2019 22:52

https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html

"On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral. The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products."

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

JaseNZ

2576 posts

Uber Geek

ID Verified

Lifetime subscriber

#2170497 30-Jan-2019 23:07

People are going to jump on this pretty hard, there have already been lawsuits filed.

Houston lawyer Larry Williams II today filed a lawsuit against Apple claiming that his iPhone allowed an unknown person to listen in on sworn testimony during a client deposition.

He is suing Apple for unspecified punitive damages for negligence, product liability, misrepresentation, and warranty breach. The bug, says Williams, violates the privacy of a person's "most intimate conversations without consent."

The FaceTime bug in question was widely publicized yesterday after making the rounds on social media. By exploiting a bug in Group FaceTime, a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted.

There was no way to avoid malicious FaceTime calls forced to connect in this manner short of turning off FaceTime, but after the issue received attention, Apple disabled Group FaceTime server side, and the feature remains unavailable. With Group FaceTime turned off, the exploit is not available and no one is in danger of being spied on via their Apple devices through the FaceTime bug.

Apple is planning to implement a fix via a software update later this week, but the company has not commented on how long this bug was available before it was widely shared. Group FaceTime has been available since iOS 12.1 was released in October.

A woman whose teenage son initially discovered the bug says that she contacted Applemultiple times starting on January 20, and even sent a video demonstrating the issue, but she received no response from the company.

Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2170502 31-Jan-2019 00:32

sailedpeep:

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

Being someone who has worked in the majority of the touch points this would have gone through to get to a team to actually validate and produce a temporary fix, the response time doesn't surprise me really.

Particularly if you look at Apple Support being the initial contact, regardless of the organization there is generally quite a void between development and tier 1 support..

Security i'd expect a little more action but then.. is their customer facing team for security also a tier 1 support? did they simply send it to the abuse mail?

To me, i'd suspect after it hit broad social media the right team (or someone close to them) picked it up and got it jumped on straight away..

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

RunningMan

8953 posts

Uber Geek

#2175062 8-Feb-2019 14:11

Looks like iOS 12.1.4 has been released now.