Major iPhone FaceTime bug lets you hear the audio of the person you are calling....

Forums › Apple iOS and devices › Major iPhone FaceTime bug lets you hear the audio of the person you are calling....

premiumtouring

237 posts

Master Geek

# 245323 29-Jan-2019 13:03

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

"A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

Here’s how to do the iPhone FaceTime bug:

Start a FaceTime Video call with an iPhone contact.
Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
Add your own phone number in the Add Person screen.
You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen."

This is quite a bug indeed. I wonder if they can disable this in the backend somehow?

Tesla Model S P100DL / BMW i3 / Model 3: Feel free to private message me if you need advice buying an Electric Vehicle (EV).
If my advice has been helpful, or you just want free stuff with your purchase, use my referral link to buy your Tesla.

RunningMan

5595 posts

Uber Geek

# 2169604 29-Jan-2019 13:24

iOS 12.1.3 which was released about 5 days ago fixes a Facetime security issue.

The issue may have already been patched. OTOH, it may have been introduced with 12.1.3!

empacher48

155 posts

Master Geek

# 2169618 29-Jan-2019 13:52

I just tried that between myself and my wife, both running iOS 12.1.3 and couldn't get it to work.

alasta

4407 posts

Uber Geek

Trusted

Subscriber

# 2169626 29-Jan-2019 14:03

2 people support this post

Given the number of minor bugs in iOS it was only a matter of time before Apple's sloppy software development resulted in an embarrassing screw up like this. Hopefully they will learn from it, but maybe that's wishful thinking.

muppet

2152 posts

Uber Geek

Trusted

# 2169644 29-Jan-2019 14:40

We just tested this here at my work and it works very well.

Not sure of the iOS versions though.

mattwnz

15230 posts

Uber Geek

# 2169648 29-Jan-2019 14:45

All software has bugs so not surprising with something as complex as this.

MadEngineer

1914 posts

Uber Geek

# 2169656 29-Jan-2019 15:07

Swipe up from bottom only has volume/brightness controls etc, nothing to add callers?

Edit - watched the video of it, my FaceTime call screen looks completely different with no swipe up function.

antoniosk

1961 posts

Uber Geek

Trusted

Subscriber

# 2169937 29-Jan-2019 22:09

2 people support this post

We tried it, and can’t get it to work.

The use case is odd - call person B, then add yourself into the call group while paging is still happening to establish the call paths. Feels like a loop back put in for test ease, but still a little sloppy to let it go out.

Personal view is I trust apple to fix this bloody fast, while android would roll it into next years OS release, for Samsung to ignore completely .

________

Antonios K

Brumfondl

1080 posts

Uber Geek

Trusted

Subscriber

# 2169939 29-Jan-2019 22:27

Apparently, the Group FaceTime servers have been taken down. They may remain so until the patch for this is issued.

Benjip

675 posts

Ultimate Geek

Subscriber

# 2170044 30-Jan-2019 09:15

2 people support this post

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.

corksta

2182 posts

Uber Geek

Trusted

Subscriber

# 2170255 30-Jan-2019 15:26

Benjip:
What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.

Group FaceTime has been disabled by Apple at the server level so this bug is no longer an issue until it’s patched.

Sony 65" A8F OLED TV | Sony 65" X850F LED TV | Sony 55" X900F LED TV

mattwnz

15230 posts

Uber Geek

# 2170265 30-Jan-2019 15:51

I had been getting calls on facetime from unknown numbers at all times of the day, so I suspect that some scammers had been using this bug. I did block the numbers from calling me. It is certainly a bad one, if they can listen in without me even accepting the call.

sailedpeep

68 posts

Master Geek

# 2170493 30-Jan-2019 22:52

2 people support this post

https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html

"On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral. The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products."

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

JaseNZ

1516 posts

Uber Geek

Lifetime subscriber

# 2170497 30-Jan-2019 23:07

One person supports this post

People are going to jump on this pretty hard, there have already been lawsuits filed.

Houston lawyer Larry Williams II today filed a lawsuit against Apple claiming that his iPhone allowed an unknown person to listen in on sworn testimony during a client deposition.

He is suing Apple for unspecified punitive damages for negligence, product liability, misrepresentation, and warranty breach. The bug, says Williams, violates the privacy of a person's "most intimate conversations without consent."

The FaceTime bug in question was widely publicized yesterday after making the rounds on social media. By exploiting a bug in Group FaceTime, a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted.

There was no way to avoid malicious FaceTime calls forced to connect in this manner short of turning off FaceTime, but after the issue received attention, Apple disabled Group FaceTime server side, and the feature remains unavailable. With Group FaceTime turned off, the exploit is not available and no one is in danger of being spied on via their Apple devices through the FaceTime bug.

Apple is planning to implement a fix via a software update later this week, but the company has not commented on how long this bug was available before it was widely shared. Group FaceTime has been available since iOS 12.1 was released in October.

A woman whose teenage son initially discovered the bug says that she contacted Applemultiple times starting on January 20, and even sent a video demonstrating the issue, but she received no response from the company.

Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

hio77

'That VDSL Cat'
11209 posts

Uber Geek

Trusted

Spark

Subscriber

# 2170502 31-Jan-2019 00:32

2 people support this post

sailedpeep:

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

Being someone who has worked in the majority of the touch points this would have gone through to get to a team to actually validate and produce a temporary fix, the response time doesn't surprise me really.

Particularly if you look at Apple Support being the initial contact, regardless of the organization there is generally quite a void between development and tier 1 support..

Security i'd expect a little more action but then.. is their customer facing team for security also a tier 1 support? did they simply send it to the abuse mail?

To me, i'd suspect after it hit broad social media the right team (or someone close to them) picked it up and got it jumped on straight away..

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

RunningMan

5595 posts

Uber Geek

# 2175062 8-Feb-2019 14:11

Looks like iOS 12.1.4 has been released now.