Geekzone: technology news, blogs, forums




237 posts

Master Geek


# 245323 29-Jan-2019 13:03

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

 

 

 

"A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

 

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

 

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

 

Here’s how to do the iPhone FaceTime bug:

 

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen."

 

 

 

This is quite a bug indeed. I wonder if they can disable this in the backend somehow?





Tesla Model S P100DL / BMW i3 / Model 3: Feel free to private message me if you need advice buying an Electric Vehicle (EV).
If my advice has been helpful, or you just want free stuff with your purchase, use my referral link to buy your Tesla.


5595 posts

Uber Geek


  # 2169604 29-Jan-2019 13:24

iOS 12.1.3, which was released about 5 days ago, fixes a FaceTime security issue.

 

The issue may have already been patched. OTOH, it may have been introduced with 12.1.3!


155 posts

Master Geek


  # 2169618 29-Jan-2019 13:52

I just tried that between myself and my wife, both running iOS 12.1.3 and couldn't get it to work.


 
 
 
 


4407 posts

Uber Geek

Trusted
Subscriber

  # 2169626 29-Jan-2019 14:03
2 people support this post

Given the number of minor bugs in iOS it was only a matter of time before Apple's sloppy software development resulted in an embarrassing screw up like this. Hopefully they will learn from it, but maybe that's wishful thinking.


2152 posts

Uber Geek

Trusted

  # 2169644 29-Jan-2019 14:40

We just tested this here at my work and it works very well.

 

Not sure of the iOS versions though.


15230 posts

Uber Geek


  # 2169648 29-Jan-2019 14:45

All software has bugs so not surprising with something as complex as this.


1914 posts

Uber Geek


  # 2169656 29-Jan-2019 15:07

Swipe up from bottom only has volume/brightness controls etc, nothing to add callers?

Edit - watched the video of it, my FaceTime call screen looks completely different with no swipe up function.

1961 posts

Uber Geek

Trusted
Subscriber

  # 2169937 29-Jan-2019 22:09
2 people support this post

We tried it, and can’t get it to work.

The use case is odd - call person B, then add yourself into the call group while paging is still happening to establish the call paths. Feels like a loop back put in for test ease, but still a little sloppy to let it go out.

Personal view is I trust Apple to fix this bloody fast, while Android would roll it into next year's OS release, for Samsung to ignore completely.




________

 

Antonios K

 



 
 
 
 


1080 posts

Uber Geek

Trusted
Subscriber

  # 2169939 29-Jan-2019 22:27

Apparently, the Group FaceTime servers have been taken down. They may remain so until the patch for this is issued.






675 posts

Ultimate Geek

Subscriber

  # 2170044 30-Jan-2019 09:15
2 people support this post

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

 

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.


2182 posts

Uber Geek

Trusted
Subscriber

  # 2170255 30-Jan-2019 15:26

Benjip:

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.


I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.



Group FaceTime has been disabled by Apple at the server level so this bug is no longer an issue until it’s patched.




2018 iPad Pro 12.9 Wi-Fi 64GB (Space Grey) | 2018 iPad mini Wi-Fi 64GB (Space Grey) | iPhone 11 Pro Max 64GB (Midnight Green) | 2x HomePod (Space Grey) | 3x Apple TV 4K | Apple Watch Series 4 44mm (Space Grey)

 

Sony 65" A8F OLED TV | Sony 65" X850F LED TV | Sony 55" X900F LED TV


15230 posts

Uber Geek


  # 2170265 30-Jan-2019 15:51

I had been getting calls on FaceTime from unknown numbers at all times of the day, so I suspect that some scammers had been using this bug. I did block the numbers from calling me. It is certainly a bad one, if they can listen in without me even accepting the call.


68 posts

Master Geek


  # 2170493 30-Jan-2019 22:52
2 people support this post

https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html

 

"On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

 

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

 

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral. The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products."

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.


1516 posts

Uber Geek

Lifetime subscriber

  # 2170497 30-Jan-2019 23:07
One person supports this post

People are going to jump on this pretty hard, there have already been lawsuits filed.

 

 

 

Houston lawyer Larry Williams II today filed a lawsuit against Apple claiming that his iPhone allowed an unknown person to listen in on sworn testimony during a client deposition. 

 


He is suing Apple for unspecified punitive damages for negligence, product liability, misrepresentation, and warranty breach. The bug, says Williams, violates the privacy of a person's "most intimate conversations without consent." 

The FaceTime bug in question was widely publicized yesterday after making the rounds on social media. By exploiting a bug in Group FaceTime, a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted. 

There was no way to avoid malicious FaceTime calls forced to connect in this manner short of turning off FaceTime, but after the issue received attention, Apple disabled Group FaceTime server side, and the feature remains unavailable. With Group FaceTime turned off, the exploit is not available and no one is in danger of being spied on via their Apple devices through the FaceTime bug. 

Apple is planning to implement a fix via a software update later this week, but the company has not commented on how long this bug was available before it was widely shared. Group FaceTime has been available since iOS 12.1 was released in October. 

A woman whose teenage son initially discovered the bug says that she contacted Apple multiple times starting on January 20, and even sent a video demonstrating the issue, but she received no response from the company.

 

 





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


'That VDSL Cat'
11209 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2170502 31-Jan-2019 00:32
2 people support this post

sailedpeep:

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

 

 

Being someone who has worked in the majority of the touch points this would have gone through to get to a team to actually validate and produce a temporary fix, the response time doesn't surprise me really.

 

 

 

Particularly if you look at Apple Support being the initial contact, regardless of the organization there is generally quite a void between development and tier 1 support..

 

Security I'd expect a little more action but then.. is their customer facing team for security also a tier 1 support? Did they simply send it to the abuse mail?

 

 

 

To me, I'd suspect after it hit broad social media the right team (or someone close to them) picked it up and got it jumped on straight away..





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


5595 posts

Uber Geek


  # 2175062 8-Feb-2019 14:11

Looks like iOS 12.1.4 has been released now.

