Apple users are vulnerable to a bug revealed on Monday that allows malicious third parties to listen in on others' FaceTime video chats, or briefly eavesdrop via video. The bug appears to affect calls to iPhones and Mac computers.
This is big. Turn off FaceTime until Apple releases a fix, and you've updated. HERE IS HOW: Go to Settings, search for “FaceTime,” toggle the switch off (it'll go from green to grey).
The bug lets one user call another user on FaceTime, and automatically begin hearing the other person before they pick up the Facetime call.
The person being called on FaceTime isn't aware that the other party can listen or peek in.
The bug was discussed on social media and first published by 9to5Mac.com, then confirmed by Bloomberg News and others.
It happens when a Facetime user creates a FaceTime conference call, adds in their phone number, and then adds the phone number of another person.
Apple says the issue will be addressed in a software update “later this week”.
Update: There’s a second part to this which can expose video too …
9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.
Here’s how to do the iPhone FaceTime bug:
Start a FaceTime Video call with an iPhone contact.
Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
Add your own phone number in the Add Person screen.
You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen.
The damage potential here is real. You can listen in to soundbites of any iPhone user’s ongoing conversation without them ever knowing that you could hear them. Until Apple fixes the bug, it’s not clear how to defend yourself against this attack either aside from disabling FaceTime altogether.
As it stands, if your phone is ringing with an incoming FaceTime request, the person on the other end could be listening in.
What we have also found is that if the person presses the Power button from the lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.)
[Thanks, Gina]
This bug is amazing. Throw your iPhone into the sea. https://t.co/3vWjShC3HE
— Eva (@evacide) January 29, 2019
Now you can answer for yourself on FaceTime even if they don’t answer?#Apple explain this.. pic.twitter.com/gr8llRKZxJ
— Benji Mobb™ (@BmManski) January 28, 2019
Turn off FaceTime until Apple releases a fix for this y’all.
Settings > Search for “FaceTime” > Toggle the switch from green to grey pic.twitter.com/L0VGhD176Q
— EricaJoy (@EricaJoy) January 29, 2019
Apple spokesperson on FaceTime bug: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”https://t.co/r6FZKkir4N
— Dieter Bohn (@backlon) January 29, 2019
Let's all Facetime the president!
— Roberto Baldwin (@strngwys) January 29, 2019
Holy shit, you guys, just replicated this at home w/ my spouse. Really and truly: Turn off FaceTime NOW if you have an iPhone. https://t.co/neIHL3OVm3
— Audra J. Wolfe (@ColdWarScience) January 29, 2019
One of the worst bugs i’ve ever seen https://t.co/ptPT3TtNYF
— Jon Passantino (@passantino) January 29, 2019
This is what @nickstatt saw on his iPhone when I hit the power button on my iPhone to dismiss the call. My iPhone showed that it was still ringing. pic.twitter.com/WoCcc0q4uk
— Dieter Bohn (@backlon) January 29, 2019