
Lawyer Sues Apple Over FaceTime Eavesdrop Bug, Says It Let Someone Record a Sworn Testimony (cnbc.com) 173

A lawyer in Houston has filed a lawsuit against Apple over a security vulnerability that let people eavesdrop on iPhones using FaceTime. "His lawsuit, filed Monday in Harris County, Texas, alleges that Apple 'failed to exercise reasonable care' and that Apple 'knew, or should have known, that its Product would cause unsolicited privacy breaches and eavesdropping,'" reports CNBC. "It alleged Apple did not adequately test its software and that Apple was 'aware there was a high probability at least some consumers would suffer harm.'" From the report: The suit says that Williams was "undergoing a private deposition with a client when this defective product breached allowed for the recording" of the conversation. Williams claimed this caused "sustained permanent and continuous injuries, pain and suffering and emotional trauma that will continue into the future" and that Williams "lost ability to earn a living and will continued to be so in the future." The lawsuit also says that iOS 12.1, the latest major release of the iPhone operating system, was defective and "unreasonable dangerous" and that Apple "failed to provide adequate warnings to avoid the substantial danger" posed by the security flaw. Williams is seeking compensatory and punitive damages as a result of the exploit.
  • by Anonymous Coward

    People like him (acting like dicks) are one of the reasons lots of people can't have nice things (like dinner, for example)

    C*ntish suing like where it is extremely probable someone is purely out for the money should have criminal penalties

    • Yes, it's the reason people can't have leaky Apple widgets.

      And other, ummm... nice things.

  • by Anonymous Coward

    Why do people love lawsuits in the US? Can software ever be foolproof?? Can there ever be bugproof and security proof software? Only idiots think so apparently ...

    • Why do people love lawsuits in the US?

      'cos there's money in them thar lawsuits.

    • by Anonymous Coward

      While software engineers like to call themselves engineers they're not. These people build programs that do have real effect on people's lives. So they should be on the hook when one of those programs to use a metaphor "collapses just like a bridge" And none of this bullshit "we sell/license you this program as is. We're not responsible for anything the program does". This kind of bullshit wouldn't fly for real engineers, architects, etc... It shouldn't fly either for software programmers or the companies the

      • by Bert64 ( 520050 )

        On the contrary, people should be free to produce software which is not fit for any purpose, just like I can construct a shoddy bridge in my own back garden...

        People should however demand higher standards of the software they buy to entrust with critical aspects of their lives. But the fact is people are willing to accept poor standards in software, and make that choice on a regular basis.

        • People should however demand higher standards of the software they buy to entrust with critical aspects of their lives. But the fact is people are willing to accept poor standards in software, and make that choice on a regular basis.

          We have the unfortunate situation where software developers can't predict every possible way things could go wrong, and many bugs tend not to surface even after testing. If Apple shipped & knew this was a problem, that would be one thing, if they didn't it's another.

      • This isn't a bridge collapsing; this isn't even a crack in the sidewalk.

    • Re:Lawsuit (Score:5, Insightful)

      by jythie ( 914043 ) on Thursday January 31, 2019 @06:31AM (#58049824)
      It is due to how the US legal system was written. A lot of US regulation depends on DIY justice. Rather than reporting a violation and having the state investigate and enforce, private citizens have to pony up the time and money to take each other to court. So it is less that people love lawsuits and more that is how one actually triggers the legal and regulatory process in many cases.
      • by alexo ( 9335 )

        And who wrote the system, designing it to benefit the lawyers above all else? That's right, lawyers.

        • by jythie ( 914043 )
          The other end of it, it is a great way to shame people from enforcing regulations on businesses. So there is a bit political/cultural advantage in deciding which laws are DIY and which have law enforcement supporting them.
    • Yes, I can easily write software which is guaranteed to be perfect.

      It prints "hello world!" and isn't written in PHP 4. :)

      You actually can prove programs to be correct. It costs twenty times as much to develop provably correct software than normal software. That's actually reasonable for a lot of software that we think of as "firmware", or in fact we may think of it as hardware, but in fact there is software inside, dozens to hundreds of lines of code.

      * In old PHP, "Hello world" had a security problem. It's

      • You're completely "horseshit" level wrong about the words "guaranteed" and "perfect."

        Overstating what is even possible to declare yourself more Virtuous than other programmers just shows you're not competent to evaluate security.

        And spending a bunch of money on correctness would never get you to "guaranteed perfect." That's just a fraudulent lie; you won't find that claim in the service description if you're hiring somebody to write you a set of proofs. The proofs themselves won't even be guaranteed to be b

        • > And golly, if firmware had dozens or hundreds of lines of code, all firmware would run on 8 bit micros, and embedding programming wouldn't even involve considerations about code size.

          In fact millions of 8-bit micros ARE sold every year. Each sold to the consumer with dozens to hundreds of lines of code in it. Another 10 million larger micros contain code that would fit on an 8-bit, but the designer wants to make use of an included hardware peripheral, such as an additional UART, etc.

          You can say "oh gol

          • All the popular 8bit micros come in versions with extra UARTs. And another version with more.

            All the popular micros are part of extensive lineups from lots of code space and few peripherals, to lots of peripherals and little code space. You don't change platforms for a UART.

            No, I wouldn't go and google some basic shit. You're on slashdot. I'm probably a firmware programmer and I responded to your drivel because I understand the topic.

            • I have no doubt that you're capable of writing bad code and putting it on an oversized mcu.

              Surprise surprise, some people can write organized, minimalistic code. Some can even run a theorem prover on it, since it's organized.

              I'm not sure why you're so desperate to want to believe that we can't check whether or not traffic light code correctly goes from green to yellow, never from green to red, for example. (That example being what one of the junior people I helped is doing right now). For some reason you

              • In case it's useful, here's basically the code my friend is proving today:

                BeGreen:
                output GREEN
                wait
                BeYellow
                END

                BeYellow:
                output YELLOW
                wait
                BeRed
                END

                BeRed:
                output RED
                wait
                BeGreen
                END

                You can of course see by inspection that it can never tur
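The property argued over in this sub-thread (green must never go straight to red) can be checked exhaustively rather than by inspection. The following is an added example, not code from any commenter; it assumes that a bare label name inside a block is a jump to that block and that each block emits exactly one colour.

```python
# The program as posted in the comment above (layout normalised).
PROGRAM = """
BeGreen:
output GREEN
wait
BeYellow
END

BeYellow:
output YELLOW
wait
BeRed
END

BeRed:
output RED
wait
BeGreen
END
"""

def parse(src):
    """Return {label: (colour, next_label)} for every block in src.

    Assumed semantics: a bare identifier is a jump to that block.
    """
    blocks, label, colour, nxt = {}, None, None, None
    for raw in src.splitlines():
        line = raw.strip()
        if not line or line == "wait":
            continue
        if line.endswith(":"):
            label, colour, nxt = line[:-1], None, None
        elif label is None:
            raise ValueError(f"statement outside a block: {line!r}")
        elif line.startswith("output "):
            colour = line.split(None, 1)[1]
        elif line == "END":
            if colour is None or nxt is None:
                raise ValueError(f"block {label} lacks an output or a jump")
            blocks[label] = (colour, nxt)
            label = None
        else:
            nxt = line  # bare identifier: jump target
    undefined = {n for _, n in blocks.values()} - set(blocks)
    if undefined:
        raise ValueError(f"jump to undefined block(s): {sorted(undefined)}")
    return blocks

def colour_transitions(blocks):
    """Every (from_colour, to_colour) pair the program can produce,
    whichever block it starts in."""
    return {(c, blocks[n][0]) for c, n in blocks.values()}

def violations(blocks, forbidden=frozenset({("GREEN", "RED")})):
    """Forbidden colour changes present in the program, sorted."""
    return sorted(colour_transitions(blocks) & forbidden)
```

Because every block has exactly one successor, enumerating each block's single transition covers the whole state space; changing the jump in `BeGreen` to `BeRed` makes `violations` report the offending pair.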

    • by Shotgun ( 30919 )

      Would you prefer calling in a mob hit like is done in less civilized places?

  • What's new doc ? (Score:4, Insightful)

    by Anonymous Coward on Thursday January 31, 2019 @05:31AM (#58049716)

    Lawyers are the scum of the earth. Another episode that confirms this truism.

    • Next time you're in court facing charges, please feel free to represent yourself.
    • It's not just that lawyers are scum of the earth. It's the US has graduated far too many lawyers over the last 2 decades than are needed. The less ethical of these surplus lawyers are suing people for anything they can come up with so they can get paid. In essence they abuse the legal system to obtain financial reward for themselves.

      There is nothing unique about this, there are people like this with low moral character in almost every profession. The problem is the court system isn't set up to deal with this and

  • by SlaveToTheGrind ( 546262 ) on Thursday January 31, 2019 @06:09AM (#58049774)

    Just that the bug "allowed for" recording. Gotta watch those lawyers.

    The full complaint is here [courthousenews.com] and makes for some entertaining reading. This 30-page gem was filed by a local personal injury attorney 4 years out of law school [themattoxlawfirm.com] the next day after the plaintiff supposedly found out about the bug. 'Nuff said.

    • by jrumney ( 197329 )
      If he wasn't actually recorded, he probably doesn't have standing. I don't remember the lawyers coming out to sue Toyota over the potential for getting mowed down by cars with stuck accelerators. They at least tracked down Toyota owners who had been involved in accidents to act as proxies.
      • by jythie ( 914043 )
        This.

        If the person had a case of privileged communication actually being recorded due to this bug and the recording getting into the hands of opposing counsel/police/media, then they might have a case. The potential though? Yeah... no standing.
      • From what I've seen normally these lawsuits are dismissed for "failure to state a claim." I don't know if "standing" applies as that the first part the court must recognize is that there is a claim.
    • by mysidia ( 191772 )

      Wait.... he tries to sue Apple in a local county's district court?

      The Apple EULA specifies governing law and jurisdiction, and this local court is not that jurisdiction.
      Apple's response is bound to be remove to federal court, or remove to Santa Clara, California,
      and then afterwards, will get quickly dismissed.

      • Does Facetime require agreement to the EULA before using it - i.e., does it pop a dialog up the first time you run it? I genuinely don't know, since I don't have an iPhone.

      • That is probably not relevant, because that only controls where you argue about the contract details. This isn't an argument about the contract, it is a regular accusation of harm that doesn't rely on promises from the contract.

        EULA terms regulate the use and provisioning of the service, they don't regulate any and all interactions the parties might have.

        The bug seems to exhibit behavior well beyond what would be reasonably expected by what was disclosed; you don't want to push too hard in the wrong directi

    • by Miser ( 36591 )

      Yep. Lawyer is doing word salad. One of those "could have maybe perhaps" cases that give lawyers a bad name.

      Apple will probably (pardon the pun) swat him with a bunch of cash to go away. They (Apple) could probably crush him with their army of lawyers but a settlement is quicker and simpler than a big PR mud-fest.

      -Miser

    • Some of these lawsuits seem to be money grabs rather than to get compensation for wrongdoing. I remember a previous lawsuit against Apple over iTunes DRM that was almost thrown out a few years ago. Turns out the lead plaintiffs were not affected by the issue and the lawyers had to find another plaintiff after the court proceeding began that was affected.
    • by anegg ( 1390659 )

      Look at the same issue in a slightly different context: If the deposition had been conducted using landline telephones, and by an accident of the phone system a third-party had been able to overhear the deposition, would a lawsuit against the landline telephone company have merit?

      Apple does claim that the FaceTime technology uses encryption, but I don't think they claim it uses encryption at an assurance level that would make it ok for use in highly sensitive contexts (e.g., would the US government accept

      • by anegg ( 1390659 )

        Look at the same issue in a slightly different context: If the deposition had been conducted using landline telephones, and by an accident of the phone system a third-party had been able to overhear the deposition, would a lawsuit against the landline telephone company have merit? Apple does claim that the FaceTime technology uses encryption, but I don't think they claim it uses encryption at an assurance level that would make it ok for use in highly sensitive contexts (e.g., would the US government accept FaceTime as an approved technical control for preventing the non-disclosure of classified communications [Confidential, Secret, or Top-Secret]?). Stating a claim that a technical control intended to provide a certain level of security in place is one thing. Claiming a particular level of assurance is another. Using a product with a claimed technical control but without establishing sufficient level of assurance of that technical control for sensitive information just shows how ignorant the claimant is. Disclaimer: I use FaceTime, and I like the fact that it uses encryption to make it less likely that my casual communications are dead simple to listen in on by bored techs at an ISP. I'm not so thrilled that Apple let slip into production such a painfully simple-to-exploit vulnerability, and apparently took the better part of a week to react to first reports. [Geezing] Many (many) years ago I bought a Motorola (analog) cordless phone (when cordless phones were a big deal) because it claimed it provided a "secure" wireless link between the handset and the base. I happened to have a frequency-agile radio receiver that could tune in on the handset-to-base audio, and was disappointed to discover that it seemed to be nothing more than an audio frequency inversion, and that with a few minutes of "training" I found that I could understand the "secure" communications reasonably well. Could a lawyer have sued Motorola if the lawyer used this model of cordless phone, then discovered that it wasn't as "secure" as the lawyer had thought? I think not...

        Futter me with a spanner; I should have actually read the article... I see elsewhere (The Register) that the lawyer isn't suing because he/she conducted a deposition over FaceTime that was accidentally disclosed (possibly) but simply conducted a deposition in a room where someone had an iPhone, and is now concerned that someone (gasp!) could have surreptitiously activated the microphone on the iPhone and listened in? Not knowing that cellphone microphones can be remotely activated by various bugs and tools

        • Well you can be forgiven for not getting the details right. The lawyer on the other hand should be flogged for filing a lawsuit about potentially being recorded.
        • The paperwork filed so far in the lawsuit tells you nothing at all about if the recording happened, and until the bug was disclosed they didn't know how it happened, but knew it had happened, or if it is just speculation and they're filing the suit to force somebody to tell them if in fact the bug caused the deposition to be recorded.

          When something hasn't been disclosed, that means you don't know. It doesn't mean they don't know; it only means they didn't tell you.

  • by DarkOx ( 621550 ) on Thursday January 31, 2019 @07:38AM (#58049988) Journal

    Why did he think bringing a powered on recording device to private meeting where no recording should take place was good opsec?

    Smart phones have no place in a secure facility.

    • by gweihir ( 88907 )

      Indeed. I specifically have one with a removable battery for that purpose. And yes, in some meetings, I do remove that battery.

      • by MobyDisk ( 75490 )

        I do remove that battery.

        But not the other battery.

        • by gweihir ( 88907 )

          There is no "other battery". There is no space for one.

    • Why did he think bringing a powered on recording device to private meeting where no recording should take place was good opsec?

      Smart phones have no place in a secure facility.

      In most lawsuits, the probability of someone in the room being hit during the deposition with a remote attack that turns on recording is so low that it isn't worth worrying about. Nobody in the room would ever start recording on their own personal device because 1) secretly recording stuff is a quick and easy way to end your career, and 2) there's already a court reporter and videographer in the room recording everything, so there's no point anyway.

  • 1. If it's connected, assume you're not protected.

    2. If the glove doesn't fit, you must acquit.

    3. Avoid any large, angry, crazy man arguing with a vendor over the price of a $6 hot dog.

    4. Dumb lawyers who file frivolous lawsuits against multi-billion dollar companies get countersued into bankruptcy.

  • by Anonymous Coward

    If you want a private conversation you should know better than to allow anyone in the room to have an electronic device on them.

  • If so, good luck as SCOTUS has refused to override them.

  • Is there a counter lawsuit that he knew or should have known that there was a possibility of his phone being hacked and the microphone turned on without his knowledge, and that he failed to take reasonable precautions by not having the phone in the room with him?

    I mean, it is not like there has not been a plethora of reports and sci-fi films of this actually happening. There are actually apps out there for turning off microphones and video cameras. I know people that have tape over their cameras, and came

  • That's kind of obvious the guy is only interested in (trying to) make a (huge) profit from the lawsuit while he probably didn't "suffer" much from the bug.
  • My guess is he is hoping Apple will just send him a bit of money to go away so they don't have to deal with the news of this. I expect Apple won't do that, but I bet that is what he is hoping.
  • Oh, I'm sorry snowflake. For future reference: When using a communication device, period, your conversation may be recorded. This includes using your voice when talking in person to someone.
