CNET

A newly discovered FaceTime bug could pose an eavesdropping problem, and Apple says it will have a fix out later this week.

The bug allows iPhone users to call another device via the FaceTime video chat service and hear audio on the other end before the recipient has answered the call. That is, it can turn any iPhone into a hot mic without the user's knowledge.

That represents a major security concern for Apple at a time of heightened sensitivity to cybersecurity threats. As it turns out, the news broke on Data Privacy Day.

Now playing: Watch this: You should disable Apple FaceTime now

The bug was reported by 9to5Mac and confirmed independently by CNET. 9to5Mac also confirmed that it was able to replicate the bug when making a FaceTime call to a Mac.

We were able to re-create the bug in the CNET offices during a regular FaceTime call. Here's how it happens: After starting a FaceTime session with an iPhone user, swipe up from the bottom of the screen to add another user to the call and add your own phone number. While the phone is still ringing, you'll be able to hear audio from the recipient's phone, even though that person hasn't accepted the call.

The Verge noted that if the recipient rejects the call by pressing the power button, video will also be broadcast from that person's phone. CNET re-created this, getting a second or two of video from the recipient's phone before the call was disconnected.

What Apple's doing about it



In a statement to CNET on Monday, an Apple spokesperson said, "We're aware of this issue and we have identified a fix that will be released in a software update later this week."

Later Monday, Apple's System Status page had been updated to show Group FaceTime as "temporarily unavailable." We weren't able to re-create the bug after this, which suggests the problem has been addressed until the software update can be released.

Apple rolled out Group FaceTime to users in late October with its iOS 12.1 release. The feature lets up to 32 people participate in a video chat at the same time.

News of the vulnerability lit up Twitter. Technology writer Andy Baio, for one, tweeted to warn iPhone users.

"I don't know about you, but I'm disabling FaceTime on my Mac and iPhone until this is resolved," he wrote.

Just tested in our office. The other iPhone rang for a minute, and then the call was marked as "Failed"... but I could still hear everything on the other end. 😱 — Andy Baio (@waxpancake) January 29, 2019

I don't know about you, but I'm disabling FaceTime on my Mac and iPhone until this is resolved. — Andy Baio (@waxpancake) January 29, 2019

Engineering veteran Erica Baker also expressed alarm about the problem.

"This bug is in MacOS as well, so pretty much every Mac laptop in every environment is a hot mic right now," she tweeted.

As 9to5Mac reporter Bejamin Mayo also noted, FaceTime calls to a Mac have the potential to ring (and therefore share audio) for much longer.

FaceTime on Mac rings for much longer than calling an iPhone. It is affected by this bug too, and can therefore act as a spy device for a longer duration (if the person is away from their laptop and doesn’t accept/decline). — Benjamin Mayo (@bzamayo) January 29, 2019

First published at 6:10 p.m. PT.

Update, 6:44 p.m. PT: Adds comment from Apple.

Update, 9:00 p.m. PT: Notes that Group FaceTime is temporarily unavailable.

Update, 10:20 p.m. PT: Adds background information.

'Alexa, be more human': Inside Amazon's effort to make its voice assistant smarter, chattier and more like you.

iHate: CNET looks at how intolerance is taking over the internet.