A FaceTime bug allows iPhone users to call another iPhone or Mac and hear the recipient’s audio before they even accept or reject the call, 9to5mac.com reports.
The website included steps to recreate the bug, which can be triggered when you access FaceTime’s group call feature and then add your own phone number. Writer Benjamin Mayo notes that the bug only works when you FaceTime someone whose OS supports the group feature. Engineering Manager Erica Baker has confirmed in a tweet that the bug also exists in MacOS.
It was later discovered that the flaw applies to video too: If the recipient attempts to reject the call by pressing the power or volume button, both audio and video from the recipient’s front-facing iPhone camera are broadcast to the caller without their knowledge, both the Verge and BuzzFeed confirmed.
As news of the bug began to spread online late Monday, an Apple spokesperson issued a statement: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
We remember how people were quick to make jokes when Apple first announced FaceTime group calls. Well, nobody’s laughing now. This bug could have existed for three months since group FaceTime was introduced on Oct. 30 along with iOS 12.1 following a delay, warns the Verge.
Websites that have reported on the bug have encouraged readers to temporarily disable FaceTime. CNET outlined steps to doing this on different devices.
Even Gov. Andrew Cuomo (D-N.Y.) has issued a consumer alert late Monday on the bug that is “an egregious breach of privacy that puts New Yorkers at risk.” He advised all “New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay.”
Wow, NY Governor Cuomo issues statement on FaceTime issue pic.twitter.com/ECWBp7AbXS— Mark Gurman (@markgurman) January 29, 2019
Cybersecurity specialist Marcus J. Carey, tech writer Andy Baio, and YouTuber Marques Brownlee are among the experts who warned users about FaceTime’s risks and encouraged people to disable it.
1. Start a FaceTime video call.— Andy Baio (@waxpancake) January 29, 2019
2. While it's still ringing, swipe up from the bottom of the screen and click "Add Person."
3. Add your own phone number to the call.
You'll now be able to hear the microphone from the other device, even if the owner is nowhere nearby.
I don't know about you, but I'm disabling FaceTime on my Mac and iPhone until this is resolved.— Andy Baio (@waxpancake) January 29, 2019
Tried this— Marques Brownlee (@MKBHD) January 29, 2019
Disabled Facetime https://t.co/DsWK7t9il2
The FaceTime bug definitely proves that your phone can be used as a remote listening device "without any authentication".— Marcus J. Carey (@marcusjcarey) January 29, 2019
The Facetime bug works in both iOS and MacOS, so now would be a good time to disable Facetime on everything and then pour out a 40 for the Apple security team.— Eva (@evacide) January 29, 2019
Me trying to make sure my Facetime is completely turned off 👀 pic.twitter.com/volBgNvxEd— Complex (@Complex) January 29, 2019
It’s like people’s worst nightmares about their iPhones have come to life. Naturally, Twitter had a meltdown, imagining the ways this FaceTime bug could ruin their lives and relationships.
“Imagine hanging out with your boyfriend and your husband calls on FaceTime with the new bug,” user @Wiintrr tweeted.
When you try use the FaceTime bug to ease drop on your wcw but you hear her moaning in the background pic.twitter.com/BGo8Cs3trL— D² (@donnyrns) January 29, 2019
When you call yo girl using FaceTime and hear her getting dicked down by that one coworker she told you not to worry about. pic.twitter.com/2gosuPDzVL— Asap Virgo (@AsapVirgo) January 29, 2019
Users like @bmmanski are clamoring for an explanation from Apple:
This couldn’t have come at worse time for Apple. Just before the bug went viral online, CEO Tim Cook tweeted that we must “all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important,” in time for Data Privacy Day on Monday. It was also discovered the day before Apple is set to report its quarterly earnings on Tuesday, following initial warnings from Cook that iPhone sales have tanked, according to CNET. To think Apple also only recently addressed a FaceTime security bug that let hackers make a FaceTime call from an iPhone, BuzzFeed points out.
Apple’s recent CES banner that proclaimed “What happens on your iPhone, stays on your iPhone” apparently no longer rings true.