Monday, January 28, 2019

"Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up"

9to5:
A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

...

Until Apple fixes the bug, it’s not clear how to defend yourself against this attack either aside from disabling FaceTime altogether.
MacRumors:
We tested the bug at MacRumors and were able to initiate a FaceTime call with each other where we could hear the person on the other end without ever having pressed the button to accept the call.
Verge:
What’s more, if one of these “fake” conference calls is happening, if the recipient hits the power or volume button to ignore the call, it not only broadcasts audio to your phone but video as well.
Buzzfeed:
After the call recipient pressed the volume-down button, footage from the iPhone 8's front-facing camera could be seen on the iPhone X — even though the call recipient had not answered the call.

...

In a statement, an Apple spokesperson said the company is "aware of this issue and we have identified a fix that will be released in a software update later this week."