Geekzone: technology news, blogs, forums




128 posts

Master Geek
+1 received by user: 42


Topic # 245323 29-Jan-2019 13:03

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

 

 

 

"A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

 

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

 

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

 

Here’s how to do the iPhone FaceTime bug:

 

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen."

 

 

 

This is quite a bug indeed. I wonder if they can disable this in the backend somehow?


5355 posts

Uber Geek
+1 received by user: 1830


  Reply # 2169604 29-Jan-2019 13:24

iOS 12.1.3, which was released about 5 days ago, fixes a FaceTime security issue.

 

The issue may have already been patched. OTOH, it may have been introduced with 12.1.3!


93 posts

Master Geek
+1 received by user: 47


  Reply # 2169618 29-Jan-2019 13:52

I just tried that between myself and my wife, both running iOS 12.1.3 and couldn't get it to work.


 
 
 
 


4250 posts

Uber Geek
+1 received by user: 825

Trusted
Subscriber

  Reply # 2169626 29-Jan-2019 14:03
2 people support this post

Given the number of minor bugs in iOS it was only a matter of time before Apple's sloppy software development resulted in an embarrassing screw up like this. Hopefully they will learn from it, but maybe that's wishful thinking.


2076 posts

Uber Geek
+1 received by user: 877

Trusted

  Reply # 2169644 29-Jan-2019 14:40

We just tested this here at my work and it works very well.

 

Not sure of the iOS versions though.


14666 posts

Uber Geek
+1 received by user: 1969


  Reply # 2169648 29-Jan-2019 14:45

All software has bugs so not surprising with something as complex as this.


1743 posts

Uber Geek
+1 received by user: 475


  Reply # 2169656 29-Jan-2019 15:07

Swipe up from bottom only has volume/brightness controls etc, nothing to add callers?

Edit - watched the video of it, my FaceTime call screen looks completely different with no swipe up function.

1853 posts

Uber Geek
+1 received by user: 442

Trusted
Subscriber

  Reply # 2169937 29-Jan-2019 22:09
2 people support this post

We tried it, and can’t get it to work.

The use case is odd - call person B, then add yourself into the call group while paging is still happening to establish the call paths. Feels like a loop back put in for test ease, but still a little sloppy to let it go out.

Personal view is I trust Apple to fix this bloody fast, while Android would roll it into next year's OS release, for Samsung to ignore completely.




________

 

Antonios K

 



1008 posts

Uber Geek
+1 received by user: 431

Trusted
Subscriber

  Reply # 2169939 29-Jan-2019 22:27

Apparently, the Group FaceTime servers have been taken down. They may remain so until the patch for this is issued.






581 posts

Ultimate Geek
+1 received by user: 200

Subscriber

  Reply # 2170044 30-Jan-2019 09:15
2 people support this post

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.

 

I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.


2103 posts

Uber Geek
+1 received by user: 222

Trusted
Subscriber

  Reply # 2170255 30-Jan-2019 15:26

Benjip:

What a major cock up from Apple's iOS team. I'm hoping heads will roll or there will at least be a serious shake-up of their iOS security team.


I've disabled FaceTime on both my Macs and both my iOS devices in the meantime.



Group FaceTime has been disabled by Apple at the server level so this bug is no longer an issue until it’s patched.




MacBook Pro 13" w/ Touch Bar (2017) | iPad Pro 10.5 Wi-Fi 128GB (Space Grey) | iPhone 8 Plus 64GB (Product RED) | HomePod (Space Grey) | Apple TV 4K | Apple TV (4th Generation) | Apple Watch Series 4 44mm (Space Grey)


14666 posts

Uber Geek
+1 received by user: 1969


  Reply # 2170265 30-Jan-2019 15:51

I had been getting calls on FaceTime from unknown numbers at all times of the day, so I suspect that some scammers had been using this bug. I did block the numbers from calling me. It is certainly a bad one, if they can listen in without me even accepting the call.


63 posts

Master Geek
+1 received by user: 27


  Reply # 2170493 30-Jan-2019 22:52
2 people support this post

https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html

 

"On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

 

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

 

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral. The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products."

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.


1272 posts

Uber Geek
+1 received by user: 461

Subscriber

  Reply # 2170497 30-Jan-2019 23:07
One person supports this post

People are going to jump on this pretty hard, there have already been lawsuits filed.

 

 

 

Houston lawyer Larry Williams II today filed a lawsuit against Apple claiming that his iPhone allowed an unknown person to listen in on sworn testimony during a client deposition. 

 


He is suing Apple for unspecified punitive damages for negligence, product liability, misrepresentation, and warranty breach. The bug, says Williams, violates the privacy of a person's "most intimate conversations without consent." 

The FaceTime bug in question was widely publicized yesterday after making the rounds on social media. By exploiting a bug in Group FaceTime, a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted. 

There was no way to avoid malicious FaceTime calls forced to connect in this manner short of turning off FaceTime, but after the issue received attention, Apple disabled Group FaceTime server side, and the feature remains unavailable. With Group FaceTime turned off, the exploit is not available and no one is in danger of being spied on via their Apple devices through the FaceTime bug. 

Apple is planning to implement a fix via a software update later this week, but the company has not commented on how long this bug was available before it was widely shared. Group FaceTime has been available since iOS 12.1 was released in October. 

A woman whose teenage son initially discovered the bug says that she contacted Apple multiple times starting on January 20, and even sent a video demonstrating the issue, but she received no response from the company.

 

 





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


'That VDSL Cat'
9711 posts

Uber Geek
+1 received by user: 2260

Trusted
Spark
Subscriber

  Reply # 2170502 31-Jan-2019 00:32
2 people support this post

sailedpeep:

 

According to this report, a lawyer contacted Apple's product security team more than a week ago. I'm by no means an expert in security exploits but that turnaround time between being informed of the issue and pulling the Group FaceTime servers (after social media backlash) feels a bit too long.

 

 

Being someone who has worked in the majority of the touch points this would have gone through to get to a team to actually validate and produce a temporary fix, the response time doesn't surprise me really.

 

 

 

Particularly if you look at Apple Support being the initial contact, regardless of the organization there is generally quite a void between development and tier 1 support.

 

Security I'd expect a little more action but then... is their customer-facing team for security also a tier 1 support? Did they simply send it to the abuse mail?

 

 

 

To me, I'd suspect after it hit broad social media the right team (or someone close to them) picked it up and got it jumped on straight away.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


5355 posts

Uber Geek
+1 received by user: 1830


  Reply # 2175062 8-Feb-2019 14:11

Looks like iOS 12.1.4 has been released now.

