Apple rushes to fix FaceTime bug that let users eavesdrop on others

This posting may contain affiliate links for products and services. I only recommend products and services that I use or would use. If you click through and make a purchase, I may receive a commission (at no additional cost to you). Thank you for your support in this way.

The bug turns the phone of the recipient of a FaceTime call into a microphone while the call is still ringing. Photograph: Nicolas Asfouri/AFP/Getty Images

in San Francisco and

Firm disables Group FaceTime over serious glitch which can also turn on video without people’s knowledge

Apple has made the group functionality on its FaceTime application temporarily unavailable as it rushes to fix a glitch that allowed users to listen in on the people they were calling when they did not pick up the call. Under certain circumstances, the glitch also allowed callers to see video of the person they were calling before they picked up.

The Guardian confirmed the existence of the bug, which was first reported by 9to5Mac. It turned the phone of the recipient of a FaceTime call into a microphone while the call was still ringing. If the recipient of the call pressed the power button on the side of the iPhone – an action typically used to silence or ignore an incoming call – their phone would begin broadcasting video to the initial caller.

Apple did not immediately respond to a request for comment from the Guardian. The company told Reuters it was aware of the problem and would release a software update “later this week”.

In the meantime, the Group FaceTime feature was temporarily made unavailable, according to Apple’s system status webpage. By disabling that feature at the source, the company appears to have prevented any further exploitation of the bug.

The flaw was discovered amid increasing concern over privacy by regulators around the globe and – embarrassingly for Apple – was exposed on Data Privacy Day, a global event instituted by the Council of Europe in 2007 to raise awareness among businesses and consumers about the importance of protecting privacy. Hours before the bug was first revealed to the public, Tim Cook, Apple’s chief executive, had tweeted that “the dangers are real and the consequences are too important” to not institute “vital privacy protections”.

The bug was discovered the day before Apple’s quarterly results call, already expected to be a fraught affair due to the company’s unprecedented decision to slash its revenue forecast by at least $5bn (£3.8bn). Cook blamed a slowdown in China for the reduction in earnings, and cited a battery replacement programme, foreign exchange fluctuations, and the end of carrier subsidies for new phones as compounding factors.

Apple has attempted to distinguish itself from rival technology companies such as Google and Facebook by boasting about its privacy record. In early January, the company ran a 13-floor billboard in Las Vegas stating, “What happens on your iPhone, stays on your iPhone” during the Consumer Electronics Show.

While Apple’s decision to shut down Group FaceTime appears to have protected against further attempts to exploit the bug, users wishing for an extra degree of security may wish to disable FaceTime entirely in their phones’ settings (a single switch located under the FaceTime submenu). Apple’s next software update, expected to be iOS 12.2, will be released later this week, the company says, and will contain a permanent fix.

Even then, it is not clear whether, or how, Apple will extend that protection to users who don’t update their phones to the latest operating system, either because they can’t, won’t, or don’t know how to. While the company keeps Group FaceTime switched off, those users are secure, but it remains uncertain whether they would be freshly exposed when the feature is restored.

The immediate reaction to the bug has been shock on the part of privacy and security experts. Ashkan Soltani, the former chief technology officer of the US Federal Trade Commission, called it “quite possibly one of the most significant privacy/security bugs the company has had to deal with in recent years (if not ever?),” and praised the speed with which Apple had disabled Group FaceTime.

As 2019 begins…

… we’re asking readers to make a new year contribution in support of The Guardian’s independent journalism. More people are reading our independent, investigative reporting than ever but advertising revenues across the media are falling fast. And unlike many news organisations, we haven’t put up a paywall – we want to keep our reporting as open as we can. So you can see why we need to ask for your help.

The Guardian is editorially independent, meaning we set our own agenda. Our journalism is free from commercial bias and not influenced by billionaire owners, politicians or shareholders. No one edits our editor. No one steers our opinion. This is important as it enables us to give a voice to those less heard, challenge the powerful and hold them to account. It’s what makes us different to so many others in the media, at a time when factual, honest reporting is critical.

Please make a new year contribution today to help us deliver the independent journalism the world needs for 2019 and beyond. Support The Guardian from as little as $1 – and it only takes a minute. Thank you.