Apple scrambles to fix FaceTime eavesdropping bug

Update. Apple published iOS 12.1.4 and macOS 10.14.3 Supplemental Update
to fix this (and other) bugs. [2019-02-07T23:25Z]

Apple is scrambling to fix an embarrassingly dangerous “snooping” bug in its popular FaceTime app.

In the meantime, Apple has apparently disabled the Group Facetime feature entirely, preferring to inflict a service outage than to leave the exploitable privacy hole gaping open.

The bug was reported on well-known Mac news site 9to5Mac, and how to abuse it is widely known.

In the simplest terms, the bug goes like this:

• Call someone from your contacts using FaceTime.
• Their phone will ring.
• Use the “Add Person” option to include a new participant in the chat, namely yourself.

That might sound pointless, considering that you are, rather obviously, already part of the call.

In fact, it seems that this sequence of events is so pointless that no one ever tested it, because what happens is that both you and the person who hasn’t answered the call yet get added into the conversation…

…and you can immediately hear the audio feed from the person who hasn’t answered the call yet.

Sure, you can’t use this to eavesdrop entirely secretly, given that the other person’s phone will ring (or perhaps vibrate) when you call it.

But if they don’t notice the phone ringing, or can’t reach it and decide simply to ignore the call, they certainly don’t expect their device to be listening in and transmitting right away!

In fact, it’s even worse that that – 9to5Mac reports that if the person you’ve called is at the lock screen and hits the Power button when receiving one of these booby-trapped “group calls”, you get to see their video feed as well as to hear what they’re saying – or what other people in the room are saying.

In other words, if the person you’ve called picks up their phone, hits the Power button, sees it’s you, grimaces, announces to the room, “Oh, heck, it’s Captain Annoying calling – I’m not ready to tell him the deal is off just yet,” and hits the [Decline] option…

…you’ve just found out more than you probably ever would or could have discovered if they’d actually answered the phone immediately and told you they couldn’t talk right now.

What to do?

As far as we can see, this privacy breach happens because of a bug in the FaceTime app that causes it to “answer” a call before you’re ready.

In other words, this is a bug that you can’t control from your end, because it’s triggered by the activation of a feature in the app by the person who initiated the call.

In theory, Apple’s block of Group FaceTime in the FaceTime infrastructure itself ought to prevent the bug being exploited.

But in practice, at least until Apple updates the app and you’ve downloaded the patch, the only way to be sure this bug can’t be triggered is to disable the app yourself.

Go to iOS Settings → FaceTime and flip the slider to off:

LEARN MORE IN OUR NAKED SECURITY LIVE VIDEO

(Watch directly on YouTube if the video won’t play here.)