Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


premiumtouring

355 posts

Ultimate Geek


#245323 29-Jan-2019 13:03
Send private message

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

 

 

 

"A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

 

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

 

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

 

Here’s how to do the iPhone FaceTime bug:

 

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen."

 

 

 

This is quite a bug indeed. I wonder if they can disable this in the backend somehow?





-


Create new topic
RunningMan
8953 posts

Uber Geek


  #2169604 29-Jan-2019 13:24
Send private message

iOS 12.1.3 which was released about 5 days ago fixes a Facetime security issue.

 

The issue may have already been patched. OTOH, it may have been introduced with 12.1.3!




empacher48
368 posts

Ultimate Geek


  #2169618 29-Jan-2019 13:52
Send private message

I just tried that between myself and my wife, both running iOS 12.1.3 and couldn't get it to work.


alasta
6703 posts

Uber Geek

Trusted
Subscriber

  #2169626 29-Jan-2019 14:03
Send private message

Given the number of minor bugs in iOS it was only a matter of time before Apple's sloppy software development resulted in an embarrassing screw up like this. Hopefully they will learn from it, but maybe that's wishful thinking.




muppet
2568 posts

Uber Geek

Trusted

  #2169644 29-Jan-2019 14:40
Send private message

We just tested this here at my work and it works very well.

 

Not sure of the iOS versions though.


mattwnz
20141 posts

Uber Geek


  #2169648 29-Jan-2019 14:45
Send private message

All software has bugs so not surprising with something as complex as this.


MadEngineer
4271 posts

Uber Geek

Trusted

  #2169656 29-Jan-2019 15:07
Send private message

Swipe up from bottom only has volume/brightness controls etc, nothing to add callers?

Edit - watched the video of it, my FaceTime call screen looks completely different with no swipe up function.




You're not on Atlantis anymore, Duncan Idaho.

antoniosk
2358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2169937 29-Jan-2019 22:09
Send private message

We tried it, and can’t get it to work.

The use case is odd - call person B, then add yourself into the call group while paging is still happening to establish the call paths. Feels like a loop back put in for test ease, but still a little sloppy to let it go out.

Personal view is I trust apple to fix this bloody fast, while android would roll it into next years OS release, for Samsung to ignore completely .




________

 

Antoniosk


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Brumfondl
1187 posts

Uber Geek

Trusted

  #2169939 29-Jan-2019 22:27
Send private message

Apparently, the Group FaceTime servers have been taken down. They may remain so until the patch for this is issued.






Benjip
943 posts

Ultimate Geek

ID Verified

  #2170044 30-Jan-2019 09:15
Send private message

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

 

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.


corksta
2397 posts

Uber Geek

Trusted
Subscriber

  #2170255 30-Jan-2019 15:26
Send private message

Benjip:

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.


I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.



Group FaceTime has been disabled by Apple at the server level so this bug is no longer an issue until it’s patched.




2020 MacBook Air M1 (Space Grey) | 2023 Mac mini M2 | 2021 iPad Pro 11" M1 (Space Grey) | 2021 iPad mini (Space Grey) | iPhone 15 Pro Max (Natural Titanium) | HomePod (Space Grey) | 10x HomePod mini (Space Grey, White, Yellow, Blue, Orange) | 4x Apple TV 4K | Apple Watch Ultra 2


mattwnz
20141 posts

Uber Geek


  #2170265 30-Jan-2019 15:51
Send private message

I had been getting calls on facetime from unknown numbers at all times of the day, so I suspect that some scammers had been using this bug. I did block the numbers from calling me. It is certainly a bad one, if they can listen in without me even accepting the call. 


sailedpeep
83 posts

Master Geek


  #2170493 30-Jan-2019 22:52
Send private message

https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html

 

"On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

 

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

 

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral. The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products."

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.


  #2170497 30-Jan-2019 23:07
Send private message

People are going to jump on this pretty hard, there have already been lawsuits filed.

 

 

 

Houston lawyer Larry Williams II today filed a lawsuit against Apple claiming that his iPhone allowed an unknown person to listen in on sworn testimony during a client deposition. 

 


He is suing Apple for unspecified punitive damages for negligence, product liability, misrepresentation, and warranty breach. The bug, says Williams, violates the privacy of a person's "most intimate conversations without consent." 

The FaceTime bug in question was widely publicized yesterday after making the rounds on social media. By exploiting a bug in Group FaceTime, a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted. 

There was no way to avoid malicious FaceTime calls forced to connect in this manner short of turning off FaceTime, but after the issue received attention, Apple disabled Group FaceTime server side, and the feature remains unavailable. With Group FaceTime turned off, the exploit is not available and no one is in danger of being spied on via their Apple devices through the FaceTime bug. 

Apple is planning to implement a fix via a software update later this week, but the company has not commented on how long this bug was available before it was widely shared. Group FaceTime has been available since iOS 12.1 was released in October. 

A woman whose teenage son initially discovered the bug says that she contacted Applemultiple times starting on January 20, and even sent a video demonstrating the issue, but she received no response from the company.

 

 





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2170502 31-Jan-2019 00:32
Send private message

sailedpeep:

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

 

 

Being someone who has worked in the majority of the touch points this would have gone through to get to a team to actually validate and produce a temporary fix, the response time doesn't surprise me really.

 

 

 

Particularly if you look at Apple Support being the initial contact, regardless of the organization there is generally quite a void between development and tier 1 support..

 

Security i'd expect a little more action but then.. is their customer facing team for security also a tier 1 support? did they simply send it to the abuse mail?

 

 

 

To me, i'd suspect after it hit broad social media the right team (or someone close to them) picked it up and got it jumped on straight away..





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


RunningMan
8953 posts

Uber Geek


  #2175062 8-Feb-2019 14:11
Send private message

Looks like iOS 12.1.4 has been released now.


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.