Apple disables Walkie-Talkie app due to iPhone snooping threat

Posted:
in General Discussion edited July 11
Apple late Wednesday said it disabled the Walkie-Talkie app on Apple Watch after being alerted to a vulnerability that allows a user to surreptitiously listen in on another iPhone's audio.

Walkie-Talkie


In a statement issued to TechCrunch, Apple said it was made aware of the bug through its product security reporting service, which allows developers, researchers and others to flag security and privacy issues via email.

Apple did not specify how the Walkie-Talkie flaw works, but in a statement said the bug "could allow someone to listen through another customer's iPhone without consent." A more detailed rundown might be provided in release notes accompanying a consequent watchOS security update. Whatever the case, the vulnerability is apparently serious enough to prompt Apple to deactivate a major platform feature.

The company told TechCrunch that while the bug has not been spotted in the wild, it has decided to temporarily disable Walkie-Talkie until a fix is in place. Apple will keep the Walkie-Talkie app on user devices as a patch is developed and deployed, suggesting the vulnerability at least partially impacts server-side assets.
We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer's iPhone without consent. We apologize again for this issue and the inconvenience.
Walkie-Talkie was introduced last year as a tentpole feature of watchOS 5. A modern take on push-to-talk communication methods popularized by two-way radios -- and later transformed into a cellular service option by Nextel and other handset makers -- Walkie-Talkie enables Apple Watch users the ability to send ephemeral audio messages to one another through the cloud.

Apple's decision to disable Walkie-Talkie is reminiscent of its handling of the Group FaceTime fiasco earlier this year.

In January, teenager Grant Thompson discovered a particularly insidious bug that allowed any iPhone owner to eavesdrop on another user simply by adding that person's number to a Group FaceTime call. The vulnerability granted access to a target device's microphone without user intervention.

As word of the FaceTime exploit spread, Apple was forced to disable the feature until a fix was rolled in an update issued about a week later.

Thompson, whose mother attempted to inform Apple of the bug multiple times a week before it went viral, was ultimately paid a bug bounty and scholarship for finding the flaw.

Apple has not provided an estimated timeline of completion for the Walkie-Talkie fix.
«1

Comments

  • Reply 1 of 23
    Correct if wrong, but isn't this a first party application? :/
  • Reply 2 of 23
    crowleycrowley Posts: 5,931member
    Correct if wrong, but isn't this a first party application? :/
    Yes.  If it'd been a third party application then Apple probably would've forcibly deleted it and suspended the developer certificate.
    AppleExposedelijahgCarnage
  • Reply 3 of 23
    matrix077matrix077 Posts: 719member
    Correct if wrong, but isn't this a first party application? :/
    Well, FaceTime is also a 1st party app. 
    jbdragonCarnagewatto_cobratyler82
  • Reply 4 of 23
    ivanhivanh Posts: 361member
    So, goes it mean that any government can order Apple to disable any apps, say Telegram, on anyone’s iPhone?
  • Reply 5 of 23
    Disable it temporarily, inform the customers and release a fix quickly = perfect reaction by Apple here. :smile: 
    mike1jbdragonFileMakerFellerlolliverwatto_cobra
  • Reply 6 of 23
    ivanh said:
    So, goes it mean that any government can order Apple to disable any apps, say Telegram, on anyone’s iPhone?
    That has always been the case.  Apple has to follow the laws of each country where they do business.  If a country, say China, says that VPN apps aren't allowed in their country, then Apple has to remove them.  There's nothing to see here regarding the subject of your comment.

    Also, this issue with Walkie-Talkie has nothing to do with governments of any kind.  This is Apple disabling their own 1st party app until they patch it.  Now you can complain that the vulnerability shouldn't have been there.  Fair enough.  It's software though.  There are always going to be bugs.  It's the nature of the beast.  If the same software is continually buggy, say Flash, then complain like there's no tomorrow.
    edited July 11 racerhomie3jbdragonmld53awatto_cobramacxpress
  • Reply 7 of 23
    crowleycrowley Posts: 5,931member
    ivanh said:
    So, goes it mean that any government can order Apple to disable any apps, say Telegram, on anyone’s iPhone?
    Does what mean that?  This article has nothing to do with governments.

    Apple certainly has the ability to disable apps, that's been known for a long time.  Apple has also removed apps from local app stores based on government requests.  Whether they'd abide by a lawful government order to use the killswitch to remove apps from their customer's phones has not yet been tested, to my knowledge.
    jbdragon
  • Reply 8 of 23
    mobirdmobird Posts: 186member

    Photo of the switch seen in Tim Cook's office... ;)

    watto_cobra
  • Reply 9 of 23
    lkrupplkrupp Posts: 7,162member
    ivanh said:
    So, goes it mean that any government can order Apple to disable any apps, say Telegram, on anyone’s iPhone?
    This has already happened in China so what’s your point?
    jbdragonwatto_cobra
  • Reply 10 of 23
    davetdavet Posts: 1member
    We have been unable to make it work anyway. 
  • Reply 11 of 23
    AppleExposedAppleExposed Posts: 1,185unconfirmed, member
    crowley said:
    Correct if wrong, but isn't this a first party application? :/
    Yes.  If it'd been a third party application then Apple probably would've forcibly deleted it and suspended the developer certificate.
    Because it's THEIR store.
    lolliverwatto_cobra
  • Reply 12 of 23
    22july201322july2013 Posts: 716member
    Do the people who discover such bugs get paid? In my opinion, a bug of this magnitude should be worth about $100,000.
  • Reply 13 of 23
    knowitallknowitall Posts: 1,366member
    Why not skip the cloud and cellphone networks and make a real walky-talky app?
    So (encrypted) point to communication via its radio chips (transmit and receive); would also be nice to have for an iPhone.
    Might be very useful when out of network range, also handy to find dogs etc.

  • Reply 14 of 23
    knowitall said:
    Why not skip the cloud and cellphone networks and make a real walky-talky app?
    So (encrypted) point to communication via its radio chips (transmit and receive); would also be nice to have for an iPhone.
    Might be very useful when out of network range, also handy to find dogs etc.

    Nextel died because fewer and fewer people saw value in that type of push-to-talk communication.  Well, that and the fact that Sprint acquired them in one of the dumbest deals in telecom history.  Plus we have plenty of wakie-talkie apps already: Zello PTT, Two Way: Walkie Talkie, Voxer, Intercom... 
    watto_cobra
  • Reply 15 of 23
    22july201322july2013 Posts: 716member
    knowitall said:
    Why not skip the cloud and cellphone networks and make a real walky-talky app?
    So (encrypted) point to communication via its radio chips (transmit and receive); would also be nice to have for an iPhone.
    Might be very useful when out of network range, also handy to find dogs etc.

    You just educated me, thanks. I had assumed it used local transmission of some sort. I googled it and had trouble finding any real explanation of how it works at the hardware level, but it appears to be just a modified version of FaceTime which clearly uses Apple's servers for routing audio. And I agree it should also be made to work on an iPhone/iPad. You have proven yourself to be a know-it-all.
  • Reply 16 of 23
    InthesystemInthesystem Posts: 1unconfirmed, member
    Unfortunately the app never worked for our family anyway. 
  • Reply 17 of 23
    mobird said:

    Photo of the switch seen in Tim Cook's office... ;)

    Why would the switch have a bottom shadow of RGB ( 98 ; 98 ; 98 ) when in the OFF position and a bottom shadow of RGB ( 102 ; 102 ; 102 ) when in the ON position? And why would there be a black shadow on the right of the switch button when OFF but on the left of the switch button when ON? Does the switch move the light source? :wink: 
    dtb200elijahgsphericurahara
  • Reply 18 of 23
    crowleycrowley Posts: 5,931member
    crowley said:
    Correct if wrong, but isn't this a first party application? :/
    Yes.  If it'd been a third party application then Apple probably would've forcibly deleted it and suspended the developer certificate.
    Because it's THEIR store.
    Yeah?  Calm your defense impulse, it wasn't an attack.
  • Reply 19 of 23
    Half baked, it doesn't work half the time, and then there is no macOS or iOS/iPadOS clients, so usefulness is very limited.  Sad since it could be so much more/better...
  • Reply 20 of 23
    This feature is still not working. I'm getting a lot of flack over this, as it is one of the main features used by wife and one of the very few reasons she even wears the Apple Watch.

    I am getting really tired of this ridiculous overreaction to meaningless "vulnerabilities" (a term completely coopted and used to describe things that are nothing of the sort). We're now a week without one of the advertised features of the device.
    libertyforall
Sign In or Register to comment.