Do you remember that just last week, Apple released the new iOS 12.1.3 update that aimed to fix multiple bugs and security issues including a bug that would have allowed an attacker to initiate a call?
However, according to widespread reports, Apple may have missed an even worse and more serious FaceTime bug that has managed to slip through the cracks.
How bad is it? Well, it can turn your Apple gadget into a discreet eavesdropping tool. Worse yet, it looks like it may have been exploitable for the last three months without Apple’s knowledge.
For your safety, read on and learn all about this massive FaceTime privacy flaw and what you can do about it.
Serious FaceTime bug
A serious bug has been recently discovered in Apple’s FaceTime that can turn an iPhone, an iPad or a Mac into a remote spying gadget.
As spotted by 9to5Mac, the bug allows you to call someone with FaceTime and immediately hear their phone’s audio before they’ve even accepted or rejected the call.
Basically, this means you can listen in on any iOS or Mac user while their gadget is still ringing, and there’s no indication on the receiver’s side that you are eavesdropping.
Even worse, if the receiver hits the power or volume button from the lock screen to reject or ignore the FaceTime call, the phone will start transmitting video, too. Checkmate. Yikes!
Flaw caused by Group FaceTime
This bug affects any Apple gadget that supports Group FaceTime. Remember, Group FaceTime was one of the best new features of iOS 12.1 that allows video group calls of up to 32 participants at a time.
This includes the iPhone 6s or later, the iPad Pro or later, the iPad Air 2, or the iPad Mini 4, running at least iOS 12.1.
Note: Earlier phones that support iOS 12, like the iPhone 5s, iPhone 6, and iPhone 6 Plus, will only get audio from Group FaceTime calls and will not support video. The same goes for the iPad mini 2, iPad mini 3, and the iPad Air.
Additionally, the bug affects Macs that support Group FaceTime and are running macOS Mojave 10.14.1.
Not-so-fun fact: This FaceTime security bug was made public on Monday, which coincidentally was also “Data Privacy Day.”
How does the bug work?
To show you how simple it is to exploit the bug, here are the steps:
- Start a FaceTime session with someone
- While the call is still ringing, swipe up from the bottom of your screen
- Select “Add Person”
- Add your own phone number to the FaceTime call
Note: This exploit is no longer available. Apple has temporarily disabled Group FaceTime to address the issue.
Apparently, adding your own phone number to a call creates a Group FaceTime session and assumes that it is already active. It will then automatically connect both parties and transmit audio even though the call wasn’t accepted yet.
On your phone, it looks like a standard Group FaceTime call but on the receiver’s screen, it looks like the call wasn’t accepted yet.
Obviously, this is a big privacy risk since it allows anyone to eavesdrop without the other party knowing about it. And it’s an even bigger risk on Macs since FaceTime on macOS rings for much longer.
In response to the bug, Apple has temporarily turned off Group FaceTime in iOS and macOS on the server side. The feature is unavailable for the time being.
This will address the flaw for now but it’s obviously a Band-Aid fix for a serious problem. Apple said that it will patch the bug later this week with a software update.
It’s unclear when this FaceTime bug started, but since it also works on iOS 12.1, it may have been exploitable for around three months now.
It’s interesting that iOS 12.1.3 had a security fix for another FaceTime bug, but it took a third-party report to get this flaw out to the public.
Disable FaceTime for now
Although Group FaceTime is currently unavailable and this will temporarily fix the bug, it’s probably better to turn off FaceTime for now while Apple prepares the patch.
iPhone and iPad:
- Open Settings
- Scroll down then tap “FaceTime”
- Toggle “FaceTime” off
Mac:
- Open the FaceTime App
- On the Task Bar, click on “FaceTime”
- Click on “Turn FaceTime Off”
If you are concerned about your privacy and this bug’s massive potential for abuse, disabling FaceTime altogether is your best option. Stay tuned to Komando.com for the latest updates on this serious security issue.