Major FaceTime privacy bug allows unauthorised eavesdropping

The bug affected the microphone and camera of both iPhones and Macs

Apple FaceTime icon

A worrying bug in Apple's FaceTime application has emerged, which allows callers to gain unauthorised access to a recipient's camera and microphone even when the recipient doesn't answer.

In order to eavesdrop on someone via FaceTime, the caller would have to add another person to the call (that other person can be yourself) while ringing the target iPhone which would grant the caller access to the recipient's phone.

Going one step further, it was later discovered that by pressing a volume button after the microphone bug was triggered, FaceTime would then grant access to the recipient's front-facing camera.

The exploit would function even when 'Do Not Disturb' mode was enabled, and the bug affects iPhones running the latest version of iOS.

It's not just iPhones that were affected either. Tests showed that calls from iPhones to Macs which have a longer FaceTime ring also worked, allowing the caller to eavesdrop on the recipient for even longer.

"Technology bugs occur far more often than the average user may think," said Jake Moore, cyber security expert at ESET UK. "Luckily Apple is usually quick to adapt and patch up the flaws. However, we do not know how long this bug has been around for and if it has been taken advantage of by cybercriminals who exploit these vulnerabilities.

Apple has since released an update, as noted on its System Status page. Group FaceTime has been disabled, presumably as a temporary fix while Apple figures out something more permanent.

In a statement, Apple said that it's "aware of this issue and we have identified a fix that will be released in a software update later this week."

Just last week, Apple had to release a patch to its iOS because of a different FaceTime vulnerability which allowed remote hackers to initiate FaceTime calls from a targeted iPhone.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020