#FAIL: iOS FaceTime Bug Lets You Spy On Other People

Apple’s less than stellar software QA has apparently served up another epic software vulnerability. This time it’s in FaceTime. A major bug in FaceTime lets you connect to someone and hear their audio and video without the person even accepting the call. And this is trivially easy to exploit. Or at least it was trivially easy to exploit for reasons I will get to in a moment, but here’s all that you needed to do. :

  1. Initiate a FaceTime call with someone.
  2. While the call is ringing, swipe up from the bottom of the display.
  3. Tap on the “Add Person” button.
  4. Add your own phone number when it asks for the number of the person to add.
  5. Pwnage

MacRumors posted a video of how to pull this off:

Now if you try this today. It won’t work as it appears that Apple has disabled something on their end to stop this exploit from being used. I say that because on Apple’s System Status page, Group FaceTime is now listed as unavailable.

But it doesn’t change the fact that there are major privacy concerns as you could have used this exploit without the other person’s knowledge. And this is another major security issue that Apple has had to rush to deal with. Not to mention that their QA team which clearly isn’t worth the money that Tim Cook pays them as Apple software is a bit of a mess at the moment clearly couldn’t catch this exploit.

Now Apple is promising via a statement made to Axios that a fix is coming “later this week”. But it’s becoming clearer and clearer that Apple is losing the plot. They used to make quality products that were worth the “Apple Tax” that you are asked to pay for them. But that isn’t the case any more and it is getting harder to harder to justify buying their products if issues like these keep appearing. Never mind the #BatteryGate, or #KeyboardGate controversies. Quite simply, Apple is in free fall.

UPDATE: Here’s a story on how to protect yourself.

7 Responses to “#FAIL: iOS FaceTime Bug Lets You Spy On Other People”

  1. […] today I reported on an absolutely colossal bug where someone can use FaceTime to listen in on another FaceTime user […]

  2. […] problems with that FaceTime bug that allowed people to listen into conversations just got a whole lot worse. Bloomberg is […]

  3. […] This morning I was musing on Twitter about whether Apple would meet their self imposed deadline of “later this week” to fix that epic FaceTime bug: […]

  4. […] are now approaching the end of the second week of the FaceTime bug which is a bug that allows people to listen in on conversations without user interaction or […]

  5. […] yesterday released iOS 12.1.4 to fix that rather horrific FaceTime bug. I should also note that Apple also released a macOS Mojave update to do the same thing. And you […]

  6. […] we go again. Much like this well publicized vulnerability from last year where you could use FaceTime to eavesdrop on others, and which left Apple with egg […]

  7. […] been saying for a couple of years now that Apple’s QA is an #EpicFail as we’ve seen example after example after example of high profile bugs with significant security impacts make it into […]

Leave a Reply

%d bloggers like this: