Major FaceTime privacy bug allows unauthorised eavesdropping

The bug affected the microphone and camera of both iPhones and Macs

Apple FaceTime icon

A worrying bug in Apple's FaceTime application has emerged, which allows callers to gain unauthorised access to a recipient's camera and microphone even when the recipient doesn't answer.

In order to eavesdrop on someone via FaceTime, the caller would have to add another person to the call (that other person can be yourself) while ringing the target iPhone which would grant the caller access to the recipient's phone.

Going one step further, it was later discovered that by pressing a volume button after the microphone bug was triggered, FaceTime would then grant access to the recipient's front-facing camera.

The exploit would function even when 'Do Not Disturb' mode was enabled, and the bug affects iPhones running the latest version of iOS.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It's not just iPhones that were affected either. Tests showed that calls from iPhones to Macs which have a longer FaceTime ring also worked, allowing the caller to eavesdrop on the recipient for even longer.

"Technology bugs occur far more often than the average user may think," said Jake Moore, cyber security expert at ESET UK. "Luckily Apple is usually quick to adapt and patch up the flaws. However, we do not know how long this bug has been around for and if it has been taken advantage of by cybercriminals who exploit these vulnerabilities.

Apple has since released an update, as noted on its System Status page. Group FaceTime has been disabled, presumably as a temporary fix while Apple figures out something more permanent.

In a statement, Apple said that it's "aware of this issue and we have identified a fix that will be released in a software update later this week."

Just last week, Apple had to release a patch to its iOS because of a different FaceTime vulnerability which allowed remote hackers to initiate FaceTime calls from a targeted iPhone.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020