Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Bug IOS Apple Technology

Apple Says It Will Fix The FaceTime Bug That Allows You To Access Someone's iPhone Camera And Microphone Before They Pick Up (buzzfeednews.com) 63

Apple said Friday morning that it had a fix for a bug discovered in Apple's video and audio chat service FaceTime this week, which had allowed callers to access the microphone and front-facing video camera of the person they were calling, even if that person hadn't picked up. The security issue is fixed on its servers, the company said, but the iPhone software update to re-enable the feature for users won't be rolled out until next week. From a report: "We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," Apple said in an emailed statement to BuzzFeed News. "We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process."
This discussion has been archived. No new comments can be posted.

Apple Says It Will Fix The FaceTime Bug That Allows You To Access Someone's iPhone Camera And Microphone Before They Pick Up

Comments Filter:
  • by 110010001000 ( 697113 ) on Friday February 01, 2019 @10:49AM (#58055346) Homepage Journal
    Thanks. It is nice to get these small issues fixed.

    -SuperKendall
  • by jellomizer ( 103300 ) on Friday February 01, 2019 @10:53AM (#58055368)

    Sure it is a big deal security lapse from Apple. So the received/found the problem, analysis the scope of it, stopped the service, sent out communication about the problem. Now they are applying a fix.

    It seems like a responsible course of action.

    I am sure people who hate Apple, because they were beaten up by a hipster a few years ago, will still fault Apple, and make them seem like a pile of idiots who cannot code themselves out of a paper bag. But these things happen, I am actually surprised it doesn't happen more often.

    I am sure all you programmers out there who are smug that their code never got hacked. But is it really skill, or just being lucky, or your program isn't just that popular enough. It can often just be a bad day where your code has a security flaw in it, and coded so it would be difficult for the QC to find it. However within weeks of it being public it was was found as a problem. I myself never had my coded hacked, however this isn't a reason to pat myself on the back, or be smug and judgemental, as I have fixed things in my own code that could had been bad if I didn't catch it. And I never know what else I may have open.

    • by 110010001000 ( 697113 ) on Friday February 01, 2019 @11:04AM (#58055414) Homepage Journal
      I'm not sure how you make a program that accesses the camera and microphone before you click the "answer" button. That is pretty basic stuff.
    • Agreed that there's nothing surprising about this. I'm not sure what else submitter expected. "Apple announces it will not fix Facetime bug"?

      I am sure people who hate Apple, because they were beaten up by a hipster a few years ago, will still fault Apple, and make them seem like a pile of idiots who cannot code themselves out of a paper bag.

      I can't speak for everyone. But I hate Apple because they take away your freedom of choice and expression, under the guise of trendiness and security.. In the early

    • I am sure all you programmers out there who are smug that their code never got hacked. But is it really skill, or just being lucky, or your program isn't just that popular enough.

      I have no opinion of what the bug says about Apple. But, just to clarify here, this was not a case of their product being "hacked." All that was required to exploit it was to dial somebody and, while ringing, add them to an existing group conversation (or something similar).

    • by sjames ( 1099 )

      A responsible course of action would be to fix the bug by making the client wait for the called party to answer before making the microphone and camera hot no matter what the server says.

      Apple says they fixed this on the server. That is, the client still makes the mic hot before you answer, it's just that the server doesn't relay it. No app should transmit your microphone or camera without some affirmative action from you commanding or permitting it. Anything else is irresponsible.

  • by Anonymous Coward
    You know it's bad when a 14 year old with no coding experience discovers a major security flaw bug a multi billion dollar tech company couldn't find, emails it to Apple tech support, then nothing happens for a week till it's headline news. People aren't going to keep buying into this North Korean business model if the prices continue to rise faster than hardware quality and the redeeming quality of security is reduced to being seen as far less secure.
  • by bogaboga ( 793279 ) on Friday February 01, 2019 @11:17AM (#58055464)

    "We thank the Thompson family for reporting the bug.

    From all the billions [of dollars] in profit Apple makes, I wonder whether this family will collect. Anyone know?

    That mere "thank you" message from Apple is anemic in my opinion.

    • Collect what? They would have to prove harm in a lawsuit.
      • Collect what? They would have to prove harm in a lawsuit.

        Collect a reward in form of cold hard cash.

        Apple can surely afford this with zero palpable hit to their bottom line. No need for a lawsuit.

        I also think it'd be good publicity if they did pay up something, no?

        • Maybe a Bug Bounty, if you give out money for non-policy/predefined reasons the choosy beggars are going to come out of the woodwork.
  • by JoeyRox ( 2711699 ) on Friday February 01, 2019 @11:28AM (#58055522)
    It's a predictive video and audio caching algorithm. iOS 13 is rumored to add a feature that will pre-shatter your screen when the accelerometer detects the phone is falling.
  • I don't like to play entitled, but this sort of bug is the sort of bug that you stay up all night to fix immediately.
    • by dgatwood ( 11270 )
      No, we did fine without group FaceTime for years. This is the sort of bug where there right thing to do is shut it down (as they did) and not turn it back on until they’re certain that they have it right. If that takes a week, fine. If that takes a year, also fine. You do not screw around with these sorts of things.
  • The report on the "fix" reveals a fundamental design flaw. They say they fixed the issue ON THE SERVER.

    That means the CLIENT on the phone is expected by design to start sending audio and video as soon as a call comes in (before you answer).

    If it was anything like properly designed, the client would never under any circumstances transmit from the mic or the camera unless and until the called party chooses to answer.

    • Important point - thanks.

  • So a patch for iOS7 for my iPhone 4 will be available soon?

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...