Serious iPhone FaceTime Bug Freaks Users Out Allowing Eavesdropping Pre-Call

apple ces
One of the features that many Apple users were looking forward to with the iOS 12 update that landed in 2018 was the Group FaceTime feature that allowed multiple users to chat and see each other at the same time. A severe bug in group FaceTime has been discovered, and the bug had users understandably upset because it would allow anyone to call via Facetime and hear what the person on the other end of the call was doing without their knowledge. The bug could be exploited to listen via the microphone of the person you are calling and possibly see video from their device before the person even picks up.

The flaw was exploited by adding yourself to a FaceTime call before the person on the other end picks up, by swiping up from the bottom of the screen before the call is answered and adding yourself to the call. That fooled FaceTime into thinking that the call was active, forcing the camera and microphone of the person you were calling to send data. Apple has promised that a fix for the bug would be issued in a patch this week. The flaw reportedly impacts any iPhone devices running iOS 12.1 or later.

Early on when the flaw was first made public, the only way to protect yourself from being exploited using the bug was to disable FaceTime altogether. Apple has now stepped in and done its part to mitigate the bug by disabling Group FaceTime for all users until the patch is issued. Before Group FaceTime was disabled, the user on the other end had no idea that audio, and potentially video, was being sent to the caller; all the victim saw was the accept or decline button on the screen.

For the user device to send video, they had to press the Power button from the lock screen, but if that button was pressed the user had no idea video was being sent to the person on the other end of the FaceTime call. Reports indicate that the same exploit could be used against a Mac if the iPhone calls the Mac computer and since the Mac rings longer by default, the eavesdropping goes on longer.

In a somewhat ironic twist, just before the Group FaceTime bug was made public, Apple CEO Tim Cook posted the following to Twitter:

Needless to say, that comments in that thread are quite humorous as you could imagine given the circumstances.

(Top Image Courtesy Chris Velazco)