A Teenager Tried To Warn Apple About It's Facetime Security Flaw, But Appears To Have Been Ignored

from the go-to-voicemail dept

By now, you've almost certainly heard about the latest big technology security flaw, in which Apple's FaceTime feature contains a bug that allows a caller using FaceTime to hear through the recipeient's phone while the call was still ringing. This obviously has all kinds of people all kinds of freaked out, since the bug essentially turns any iPhone into a short-burst surveillance bug. This has led some to opine that Apple, which has a fairly decent reputation from a privacy standpoint, is at risk of having that reputation torpedoed over this story.

And that might be all the more the case when the public discovers that Apple was informed of this bug by a teenager and his mother in the weeks running up to the press coverage of it, and did nothing about it.

The Wall Street Journal reports that Grant Thompson, from Tucson, was “setting up a FaceTime chat with friends ahead of a ‘Fortnite’ videogame-playing session when he stumbled on the bug”. It was then that Thompson noticed that he could hear audio from friends who had yet to join the call. Grant quickly told his mother, Michele, and the pair spent a week trying to contact Apple to warn them about the issue. The WSJ say after some calls and faxes they “eventually traded a few emails” with Apple’s security team, but it wasn’t until reports of the bug blew up on Twitter that the decision was made to disable Group Facetime.

This apparently happened a week or so before this all exploded on Twitter and in the media. We've heard stories like this in the past, of course, but it always amazes me that tech companies aren't better about having a unified message across entire companies that staff should want to report this sort of thing up the hierarchy, and those high-ups should jump on addressing these reports both quickly and publicly. Imagine a world where Apple had lauded this teenager for informing the company about the bug and in which Apple had proactively disabled group FaceTime until the bug was resolved? Apple would have come out looking, once again, as though it were looking out for the privacy interests of its users.

Instead, it sure looks like the company was hoping to stick its head in the sand and pretend the bug didn't exist. Or, more charitably, perhaps the company thought it could simply do away with the bug quietly via an update with vague patchlist notes. Either way, it's not a great look.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: facetime, grant thompson, security, security disclosure, warning

Companies: apple