FaceTime vulnerability allows spying on Apple users

It is recommended that Apple users disable this app, at least until it is updated

Network security and ethical hacking specialists from the International Institute of Cyber Security reported the discovery of an unpatched vulnerability in FaceTime, the Apple application for making audio and video calls. According to reports, this bug would allow the receiver of a call to be viewed or heard before answering the call.

This incident has become viral on Twitter and other social network platforms, where users have shown their discomfort with this security flaw, as any Apple device could become a spy machine without the victim being able to realize it.

Network security specialists tested an iPhone X (with iOS 12.1.2) to verify the presence of the vulnerability, making sure that the error exists. The test was also successful on a MacBook with the Mojave MacOS.

This flaw, which some experts consider more a design flaw than vulnerability, resides in the FaceTime group call feature, recently launched by Apple. The process to reproduce the error is as follows:

  • Start a FaceTime video call with any contact
  • While dialing the contact, slide up from the bottom of your iPhone screen and select “Add Person”
  • In “Add Person”, add your own number
  • This will initiate a FaceTime group call between you and the person you called, so you can listen to the caller’s receiver, even if the person still does not accept the call

Network security specialists also mentioned that if the person receiving the call presses the volume or the on/off button (to mute or reject the call) the iPhone camera could turn on.

The company said that it has knowledge of the incident and that it is already working on the correction of this bug. As the FaceTime update arrives, Apple decided to temporarily disable the group call feature, the flaw is expected to be corrected over the course of this week.

  • Disable on iPhone or iPad: Go to Settings, scroll down to find the ‘FaceTime’ icon and choose ‘Disable function’
  • Disable on Mac: Open FaceTime on your Mac and click on the upper left corner of the menu bar and then click “Disable FaceTime”