Major FaceTime privacy bug allows unauthorised eavesdropping

The bug affected the microphone and camera of both iPhones and Macs

Apple FaceTime icon

A worrying bug in Apple's FaceTime application has emerged, which allows callers to gain unauthorised access to a recipient's camera and microphone even when the recipient doesn't answer.

In order to eavesdrop on someone via FaceTime, the caller would have to add another person to the call (that other person can be yourself) while ringing the target iPhone which would grant the caller access to the recipient's phone.

Going one step further, it was later discovered that by pressing a volume button after the microphone bug was triggered, FaceTime would then grant access to the recipient's front-facing camera.

The exploit would function even when 'Do Not Disturb' mode was enabled, and the bug affects iPhones running the latest version of iOS.

It's not just iPhones that were affected either. Tests showed that calls from iPhones to Macs which have a longer FaceTime ring also worked, allowing the caller to eavesdrop on the recipient for even longer.

"Technology bugs occur far more often than the average user may think," said Jake Moore, cyber security expert at ESET UK. "Luckily Apple is usually quick to adapt and patch up the flaws. However, we do not know how long this bug has been around for and if it has been taken advantage of by cybercriminals who exploit these vulnerabilities.

Apple has since released an update, as noted on its System Status page. Group FaceTime has been disabled, presumably as a temporary fix while Apple figures out something more permanent.

In a statement, Apple said that it's "aware of this issue and we have identified a fix that will be released in a software update later this week."

Just last week, Apple had to release a patch to its iOS because of a different FaceTime vulnerability which allowed remote hackers to initiate FaceTime calls from a targeted iPhone.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Malicious ‘Dependency Confusion’ packages are stealing password files
hacking

Malicious ‘Dependency Confusion’ packages are stealing password files

2 Mar 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021