Tuesday, January 29, 2019

FaceTime Bug Lets Callers Hear You Before You Answer

Users have discovered a bug in Apple's FaceTime video-calling application that allows you to hear audio from a person you're calling before they accept the call—a critical bug that could potentially be used as a tool by malicious users to invade the privacy of others.

Apple: "We're aware of this issue, and we have identified a fix that will be released in a software update later this week." An hour or two after this post went live, Apple disabled Group FaceTime to mitigate the bug.

The bug requires you to perform a few actions while the phone is ringing, so if the person on the other end picks up quickly, they might not be affected. Knowledge of how to use the bug is already widespread.

The steps include:
  • Tap on a contact on your iPhone to start a FaceTime call with them.
  • Swipe up and tap "Add Person."
  • Instead of adding a new person, enter your own number and add yourself as another participant in the Group FaceTime call. more

Updates: What we have also found is that if the person presses the Power button from the Lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.) more

Temporary fix. General smartphone security tips.