The bug affects calls to iPhones and reportedly impacts calls to Macs, potentially turning any device into a hot mic.

facetime-11
A major bug is affecting the security of FaceTime calls.

CNET

A major FaceTime bug has been uncovered allowing iPhone users to call another device via FaceTime and hear audio on the other end, before the recipient has answered the call.

The bug, reported by 9to5Macand confirmed independently by CNET, has the ability to turn any iPhone into a hot mic without the user’s knowledge, representing a major security concern for Apple. 9to5Mac also confirmed that it was able to replicate the bug by making a FaceTime call to a Mac.

We managed to recreate the bug in the CNET offices during a regular FaceTime call. After starting a FaceTime call with another iPhone user, swipe up from the bottom of the screen to add another user to the call and add your own phone number. While the phone is still ringing, you’ll be able to hear audio from the recipient’s phone, even though they haven’t accepted the call.

The Verge also spotted that if the recipient rejects the call by pressing the power button, video will also be broadcast from their phone. CNET recreated this, getting a second or two of video from the recipient’s phone before the call was disconnected.

In a statement to CNET on Monday afternoon an Apple spokesperson said, “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”

Late on Monday night, Apple’s System Status page had been updated showing group FaceTime as “temporarily unavailable.” We weren’t able to recreate the bug after this, so hopefully the problem has been solved until the software update can be released.

The issue lit up Twitter, with technology writer Andy Baio tweeting to warn iPhone users of the issue.

“I don’t know about you, but I’m disabling FaceTime on my Mac and iPhone until this is resolved,” he wrote.

Andy Baio

@waxpancake

1. Start a FaceTime video call.
2. While it’s still ringing, swipe up from the bottom of the screen and click “Add Person.”
3. Add your own phone number to the call.

You’ll now be able to hear the microphone from the other device, even if the owner is nowhere nearby.

Andy Baio

@waxpancake

Just tested in our office. The other iPhone rang for a minute, and then the call was marked as “Failed”… but I could still hear everything on the other end. 😱

364 people are talking about this

Andy Baio

@waxpancake

Just tested in our office. The other iPhone rang for a minute, and then the call was marked as “Failed”… but I could still hear everything on the other end. 😱

Andy Baio

@waxpancake

I don’t know about you, but I’m disabling FaceTime on my Mac and iPhone until this is resolved.

452 people are talking about this

Engineering veteran Erica Baker also expressed alarm over the bug.

“This bug is in MacOS as well, so pretty much every Mac laptop in every environment is a hot mic right now,” she tweeted.

As 9to5Mac reporter Bejamin Mayo also noted, FaceTime calls to a Mac have the potential to ring (and therefore share audio) for much longer.

Benjamin Mayo

@bzamayo

FaceTime on Mac rings for much longer than calling an iPhone. It is affected by this bug too, and can therefore act as a spy device for a longer duration (if the person is away from their laptop and doesn’t accept/decline).

See Benjamin Mayo’s other Tweets

Update, 6:44 p.m. PT: Adds comment from Apple.

Update, 9:00 p.m. PT: Updates story to reflect that group FaceTime is temporarily unavailable.

LEAVE A REPLY

Please enter your comment!
Please enter your name here