A major FaceTime security flaw has been exposed. It allowed users to hear and see the person they are calling without the call recipient’s knowledge. As a result, Apple took Group FaceTime offline. It said it will address the issue in a software update “later this week”.
Spying on Call Recipient’s Audio…
On Monday, 9to5Mac reported that users could make a FaceTime call and then hear the recipient before the call had been accepted or rejected. The recipient had no idea their mic had gone live. This happened if a user added their own number as well as the recipient’s when making the call, before the person being dialled had picked up. FaceTime then assumed it was an active conference call and supplied the audio of the person being called. This is despite the fact they have not yet answered (via The Verge).
…And Video
The same flaw allowed the recipient’s video to be seen by the person making the call. This happened if, during one of the mistaken conference calls, the recipient pressed the power or volume button on their device to ignore the incoming call.
The issue also affected FaceTime on a Mac. This is particularly significant as the service rings for longer on Mac.
The bug affected any user who has upgraded iOS to have Group FaceTime. As a result, Apple took Group FaceTime offline. The System Status website said the service becoming “temporarily unavailable” at 3.16 AM Tuesday.