Earlier today Apple users from all over the world, including US citizens and permanent residents, realized that they could spy on each other by taking advantage of a FaceTime exploit that allows eavesdropping. First reported by 9 to 5 Mac, the bug in Apple’s videotelephony app allowed users without any technical skills to eavesdrop on virtually anyone in the world who uses FaceTime. By simply making a FaceTime video call users were able to listen through the callee’s device, even if the call recipient was not picking up. All users had to do was to create a “group call” by adding themselves to a standard two-way video call. The self-addition was tricking the system into thinking that all participants have picked up the phone. This ended up resulting in eavesdropping on the callee’s device. Here’s a video that shows the exploit in action:
— Benji Mobb™ (@BmManski) 28 de enero de 2019
What made the bug even worse was the fact that the caller was able to see a video stream directly from the recipient’s device should the recipient hit the power button to “reject” the video call. In response to the major privacy breach, Apple decided to turn off the group FaceTime feature, until they figure out how to get it fixed.
The FaceTime bug is currently one of the trending stories on all social media platforms. Dozens of users have already uploaded videos replicating the exploit. Some users even reported that they have managed to reproduce the FaceTime bug with an iPhone calling a Mac.
After the bug was discovered Apple issued a statement acknowledging it and stated that they plan to issue a fix later this week. New York City governor Andrew Cuomo called the FaceTime bug an “egregious breach of privacy that puts New Yorkers at risk.” Governor Cuomo added that he is “deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes.” It is currently unknown for long has the exploit been active.
The bug comes only weeks after Apple started using the following slogan “What happens on your iPhone, stays in on your iPhone.”, a wordplay from the famous Las Vegas slogan “What happens in Vegas, stays in Vegas.” Coincidently, the bug was also discovered on the national Data Privacy Day. Unaware of the exploit, and hours after the bug was discovered, Apple’s CEO Tim Cook tweeted that people “must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real, and the consequences are too important.”
What has Apple done to stop the bug?
Apple managed to anger the crowds by stating that they will patch the bug “later this week” but failed to take any immediate action to prevent people from spying on each other. However, hours after they realized the seriousness of the issue, they completely turned off the group FaceTime feature on all Apple devices and issued an update to patch the exploit. The group FaceTime feature is still temporarily unavailable.
What should you do?
First and foremost, you can delete the FaceTime app from your iPhone or Mac and reinstall it after Apple confirms that the issue has been officially fixed. If you do not wish to remove the app, you can disable the app through the settings of your iPhone or Mac.
This is a yet another great example why keeping your OS fully up-to-date is vital. Apple just issued a patch that fixes the exploit so if you are an Apple user, now is a good time to go and update your OS if you haven’t done so already.
Last but not least, install antivirus software on all your connected devices. Having another layer of protection on all your Apple products will prevent hackers from obtaining any missing pieces they may need from you to commit cybercrimes.