A significant bug has been discovered in Apple’s FaceTime feature, allowing someone to listen in on the person they are calling, and see through their front-facing camera, without them even picking-up the call.
The bug, revealed on Monday by the 9to5Mac website, works by fooling a recipient’s iPhone into thinking a group call, which involves more than two people, has already started. The software is then confused into activating the recipient’s microphone, even if the call has not been accepted.
There’s more too, if the recipient presses the volume down button or the power button to try to silence or dismiss the call, their camera turns on as well. All the while, the recipient’s phone displays the usual incoming call screen, but unbeknownst to them, their microphone/camera are streaming.
Certo has confirmed that this bug currently affects devices that are running iOS version 12.1 or newer. It also affects Mac users when they are called from an iPhone.
Apple have acknowledged the issue and have announced that a fix “will be released in a software update later this week”. Meanwhile, Apple’s status page shows it has disabled the ability for users to make group calls on FaceTime, in an attempt to prevent any further exploitation of the bug.
If iPhone/iPad users are still concerned, they can disable FaceTime on their devices until Apple’s software updates have been released:
On an iPhone/iPad, go to Settings > FaceTime, and tap the green toggle button at the top of the screen. On a Mac, open the FaceTime app and click FaceTime in the menu bar at the top of the screen, then click “Turn FaceTime Off.”
The announcement of this flaw is unfortunate for Apple as it coincided with global Data Privacy Day and happened just weeks after they flew a banner at the CES tech expo in Las Vegas highlighting their commitment to data privacy.
Concerned about Commercial iPhone Spyware?
It seems likely that this bug will be patched by Apple quite quickly, but nonetheless there are still options available for those looking to eavesdrop on another’s device. Certo’s industry-leading spyware detection tool can check your device in a matter of minutes and will alert you if your device contains spyware, even if its completely hidden.