Apple’s Group FaceTime: A place for spies?

Credit to Author: Jonny Evans| Date: Tue, 29 Jan 2019 05:30:00 -0800

Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people’s devices without permission. What’s going on and what can you do about it?

9to5Mac report based on a video published to Twitter by @BmManski that revealed this flaw lets a user listen to audio captured using another person’s device before they accept or reject the call requesting a FaceTime chat. The problem affects only iOS devices running iOS 12.1 or later (pending an update).

In a statement, Apple said it is “Aware of this issue… we have identified a fix that will be released in a software update later this week.”

It appears video captured by the iPhone’s front-facing camera can also be picked up, but only if the person you are contacting taps the Power button on the LockScreen.

Apple has effectively disabled the bug by switching off its Group FaceTime service pending a software patch. Meanwhile users who are concerned about the problem may want to disable FaceTime on their devices.

It is important to note that no one has claimed this fault impacts Macs.

Apple says it will publish a software update to address this bug in the next few days. It has disabled Group FaceTime pending that fix, which is expected to appear later this week.

No. This minor bug will be quashed quickly. It also seems important to note that the audio/video remains available for only a short time while the recipient device rings. The feed stops once the call is rejected.

The big picture is a little more complex.

The existence of a flaw like this one does nothing to dilute the arguments of many privacy advocates who believe users should take tight control of any applications that attempts to use the built-in cameras, microphones, and other functions of the systems that they use.

With extensive protections for privacy and security across its systems, Apple makes it relatively easy to review which apps are attempting to use those features.

To review the apps that use your microphone and camera, you should open the Privacy section in Settings>Privacy where you can review which apps are demanding access to the following software and device features:

It is a good idea to review all of these to ensure that only apps and services you trust can access this information. There are still some apps that (for example) demand access to your Contacts even though they seem to have little need to have that data.

On a case-by-case basis, you should decide which apps you trust less and disable access for them. Doing so may impact the functionality of an app (so replace it), but it also reduces your potential attack surface.

I choose to provide very little access to most social media services and refuse to access Facebook except using Apple’s Safari browser, in part because the app is an energy hog.  

While I see no reason for any great panic about this particular bug, I do think it illustrates a real need to ensure users are given clear visual indicators whenever an app is using their camera or mic, covertly or overtly.

I’d urge platform providers Apple, Google, and Microsoft to ensure this becomes a mandatory feature across all their operating systems in an attempt to help prevent covert or overt surveillance of this type. Such an indication would also provide customers with a small degree of reassurance.

Please follow me on Twitter, and join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss

Leave a Reply