A major security flaw with serious implications has been discovered in Apple’s FaceTime app. The bug allows a caller to see and listen to the person they are calling even if that person does not accept the FaceTime call. The bug was first discovered by 9to5Mac and Apple has acknowledged that it exists. Indeed, the Cupertino company went as far as to disable the new Group FaceTime feature, with a promised fix to come later this week.
Replicating the bug is pretty easy.
- Start a FaceTime Video call with an iPhone contact.
- Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
- Add your own phone number in the Add Person screen.
- You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
Right now the bug only appears to impact Group calls and not individual one-to-one calls, but the picture is still evolving. At first, it was thought that a caller could only eavesdrop on your audio, but it was later discovered that video could also be obtained from the front-facing camera.
My recommendation for now, to be as secure as possible, is to disable FaceTime altogether. To do this, go to Settings > FaceTime and toggle the switch off. Don’t forget to do it on your iPhone, your iPad and your Mac.
On your Mac, open the FaceTime app, then open Preferences. On the first screen, uncheck “Enable this account” to turn it off.
Apple has indicated that a fix for this is coming later this week. The sooner the better, of course, as this bug has huge potential privacy impact, and privacy is something Apple regularly touts about its platforms.