A flaw in Apple’s FaceTime app allows users to spy on each other, which has resulted in a Twitter-storm of tweets encouraging iPhone users to disable FaceTime while Apple works on a fix.
Infosecurity contacted Apple, but the company has not responded with comment. According to Apple’s system status page, FaceTime is experiencing an ongoing issue, which one Twitter user demonstrated in a live video. The vulnerability reportedly is impacting OS devices running iOS 12.1 or later, which began on January 28, 2019, at 10:16 pm. As a result, the group FaceTime feature is temporarily unavailable.
Additionally, given the widespread popularity of Apple’s iPhone, New York’s governor, Andrew Cuomo, has issued a consumer alert warning the public that the vulnerability allows other users to receive audio from the device being called, even before the call is answered.
"The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk," Governor Cuomo said in the alert. "In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes. In light of this bug, I advise New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay."
To disable FaceTime, go to settings, and scroll down to FaceTime. Click on the slide to the app off (the slide will no longer be green).
“This bug illustrates the privacy issues caused by surrounding ourselves with devices containing cameras and microphones. Phones, tablets, laptops, smart TVs, and smart speakers contain microphones that can be listening to you at any point,” said Amit Sethi, senior principal consultant at Synopsys.
“If the software on the devices is not malicious and doesn’t contain bugs like this, the microphones should only be on at times you expect. While security controls like permissions and app store reviews are in place, these are not perfect. The problem is that users don’t know when these devices are listening, as most modern devices don’t have an indicator like a LED that turns on whenever the camera and/or microphone is on.
"This is simply the price we pay for the convenience and features that these Internet-connected devices provide. If you need to be 100% certain that you aren’t being recorded, don’t have any Internet-connected devices with microphones or cameras around.”