Advertisements

Apple FaceTime bug turns iPhones, Macs into eavesdropping tools

A significant FaceTime bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

The exploit chain is simple:

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the Lock screen.

The damage potential here is real. It allows the caller to turn the target’s device’s microphone on and hear what’s happening around it before the person answers the call.

Mac and iOS users are advised to temporarily disable the FaceTime option until Apple comes up with a fix, which they promised to do later this week.

To disable the feature on your iPhone and iPad, do the following:

  1. Open the Settings application
  2. Scroll down and look for the FaceTime icon
  3. Switch the toggle to gray

To disable Face on your Mac, following the below steps:

  1. Open the FaceTime app on your Mac
  2. Click “FaceTime” in the Menu bar
  3. Click “Turn off FaceTime”

Apple has now taken Group FaceTime completely offline. This comes after the company said a fix for the FaceTime calling bug is coming “later this week,” but failed to address specifics.

facetime-group

Advertisements