Apple disables Group FaceTime as it works on privacy bug fix

Posted:
in General Discussion edited January 2019
After the discovery of a bug in FaceTime that allows callers to listen in on a recipient's device, even if they don't pick up, Apple late Monday notified users that the service has been temporarily disabled.

FaceTime
Apple's System Status webpage shows Group FaceTime as unavailable.


Apple quietly announced the takedown on its System Status webpage, which as of this writing shows Group FaceTime as unavailable due to an "ongoing issue." The company does not offer a timeline on a resolution, though a fix to the underlying flaw is in the works.

Earlier today, reports of a particularly nasty FaceTime bug surfaced on social media.

First documented by Benji Mobb on Twitter, anyone can activate the glitch by calling another FaceTime user and manually adding the originating number to the call as a third party. Once added, access to the recipient's microphone is granted even if they do not answer the call.

Through further experimentation it was discovered that camera access is also granted -- however briefly -- when a recipient presses iPhone's power or volume buttons to decline the incoming call.

AppleInsider confirmed the exploit works on current iPhone and Mac devices, including the latest iPhone XS and XR models.

Considering the ramifications of allowing interlopers easy access to microphone and camera hardware, and Apple's staunch commitment consumer privacy, the Group FaceTime takedown does not come as a surprise.

Apple in a statement to media outlets said it is aware of the problem and is working on a fix that should be released later this week. Group FaceTime will presumably be inaccessible until the update is pushed out.

While the service shutdown should solve the issue in the interim, concerned users can disable FaceTime on their devices by navigating to Settings > FaceTime and toggling the FaceTime button to the off position.
«1

Comments

  • Reply 1 of 30
    mobirdmobird Posts: 752member
    https://itunes.apple.com/us/album/somebody-is-watching-me/271260643?i=271260662

    "I always feel like somebody’s watching me
    And I have no privacy
    I always feel like somebody’s watching me
    I can't enjoy my tea
    I always feel like somebody’s watching me
    Can I have my privacy?
    I always feel like somebody’s watching me
    Who's watching me?"
    tyler82
  • Reply 2 of 30
    genovellegenovelle Posts: 1,480member
    I hoped they would be able to deactivate the service on the server side without needing to do an update. They may also be able to introduce a block preventing the step of adding your own number to the call. 
  • Reply 3 of 30
    Thank god they disabled this scary bug.
    magman1979
  • Reply 4 of 30
    Sometimes Apple’s QC is perplexingly sloppy...

    This bug should be easy to fix though... good thing the feature is disabled in the meantime.

    Queue lawsuits... because this is is ambulance chasing America.
  • Reply 5 of 30
    Mr. Cook grandstands as social activist and prattles on about privacy while his bungling engineers have turned the iPhone into a remotely controlled eavesdropping device.  
    edited January 2019 mike54
  • Reply 6 of 30
    This shocking bug is going to hit the front page, apple just can't get a break these days.  They've never been very good at building cloud services, going to get mocked for a long while on this one.
    mike54
  • Reply 7 of 30
    jcs2305jcs2305 Posts: 1,336member
    mobird said:
    https://itunes.apple.com/us/album/somebody-is-watching-me/271260643?i=271260662

    "I always feel like somebody’s watching me
    And I have no privacy
    I always feel like somebody’s watching me
    I can't enjoy my tea
    I always feel like somebody’s watching me
    Can I have my privacy?
    I always feel like somebody’s watching me
    Who's watching me?"
    Rockwell!!  Hahaha 
  • Reply 8 of 30
    larryjwlarryjw Posts: 1,031member
    At least this is a bug, and not a feature. 
    lolliver
  • Reply 9 of 30
    Please trust me when I say I'm a huge Apple fan, but surely at this point there's a growing number of people who agree with the argument that Tim Cook must go? I want Apple to thrive but collapsing quality, pace of design, and terrible pricing strategies are now real problems.
  • Reply 10 of 30
    Yes, let's fire the CEO for a "bug" that is sold as products from Google, Amazon, and Facebook that are eavesdropping 24/7. Makes sense - a software error means they cannot POSSIBLY be serious about privacy!
    markbyrn said:
    Mr. Cook grandstands as social activist and prattles on about privacy while his bungling engineers have turned the iPhone into a remotely controlled eavesdropping device.  
    jony0lolliverlostkiwi
  • Reply 11 of 30
    sdw2001sdw2001 Posts: 18,015member
    Please trust me when I say I'm a huge Apple fan, but surely at this point there's a growing number of people who agree with the argument that Tim Cook must go? I want Apple to thrive but collapsing quality, pace of design, and terrible pricing strategies are now real problems.

    I'm sure they are lining up to hear your opinion.  Tim Cook has made Apple hundreds of billions of dollars.  There is no "collapsing quality."  WTF are you talking about?  Isolated product issues? And, terrible pricing strategies?  Again, WTF are you talking about?  
    jony0lolliver
  • Reply 12 of 30
    Wow - didn't expect that level of sarcasm and 'WTFs' after one comment. When I say collapsing quality, I'm referring to what started as a personal experience - as a past user of iTunes match, my entire Apple Music library was scrambled (a widespread issue) - it then took dealing with an apple engineer for over a year for them to finally accept that the issues were not resolvable, having tried many times to pitch bugs as features to me, and for them to recommend that I abandon my Apple ID as the same bugs were becoming evident across multiple iCloud features, including photos and documents. Since then, we've seen a litany of software failures - iOS 11 was so buggy that the majority of user-facing changes for iOS 12 were pushed back a year. Craig Federighi had to apologise just over 12 months ago for the critical root vulnerability, there have been numerous issues since then - now this. These are no longer isolated cases - we're seeing sustained failures in quality control. I can criticise Apple's execution without that meaning I'm supporting other operating systems or business models. And Tim Cook has grown Apple sure, but he's done it by milking IP and innovations from the Job era. When I say the failed pricing strategy, I'm referring to how this evening we're expecting YOY iPhone revenue to be down 33% - almost no analysts accept Cook's defence that this is solely down to China. I actively agree that Cook was the right person to steer the ship for the first 7 years since Jobs, but I don't think this quality is acceptable and I think someone with vision for the future needs to step in. Can I genuinely and politely ask that if you disagree, can you just argue your point calmly without things like 'WTF' - I don't see why we can't discuss and debate without respect.
    avon b7ivanh
  • Reply 13 of 30
    MplsPMplsP Posts: 3,911member
    Thank god they disabled this scary bug.
    It's actually not that scary - there's no way for anyone to pull this off without you knowing since they have to initiate a facetime call.

    It's a significant bug, but who would have thought to test adding someone to a call before the first person answered? Group facetime is a relatively new feature, so it's perhaps not so surprising that there are bugs. Good for Apple for disabling it so quickly 
    jony0lolliver
  • Reply 14 of 30
    8 days is a short amount of time for things to go public. Typically the responsible disclosure guidelines are a month or more.  That's so that security teams can find ways to address the issues without having to disrupt people using the service normally.  
    lolliver
  • Reply 15 of 30
    magman1979magman1979 Posts: 1,292member
    Whilst this is a serious issue to be sure, the "Tim Cook must go" vitriol never ceases to amaze me from the trolls that IMMEDIATELY thunder onto Apple sites to litter the comment sections. You people need to get a life...

    Yes, this is a BAD bug, no question about it, and it's one that will haunt them for a while, and should've been caught during development, especially considering how long Group FaceTime was delayed for.

    But in the end, Apple quickly acknowledged it, and even went as far as to shut down the offending system to prevent this from becoming an actual issue.

    And yet now we have calls all over the Internet to have Tim Cook and Jonathan Ive's head's on the proverbial silver platters over this, what idiotic BS!

    How many other MASSIVE privacy snafus and monumental bugs made their way into MS and Google products over the years, some of which remain to this day (Stagefight ring a bell?), yet no one calls for those engineers or CEO's heads?
    edited January 2019 fastasleep
  • Reply 16 of 30
    IreneWIreneW Posts: 303member
    MplsP said:
    Thank god they disabled this scary bug.
    It's actually not that scary - there's no way for anyone to pull this off without you knowing since they have to initiate a facetime call.

    It's a significant bug, but who would have thought to test adding someone to a call before the first person answered? Group facetime is a relatively new feature, so it's perhaps not so surprising that there are bugs. Good for Apple for disabling it so quickly 
    "Who would have thought to test that?" This is exactly what you expect an inexperienced engineer to respond. Or a small basement company. Apple are, for good reasons, held to higher standards.
    It shouldn't have mattered if this particular test was written or not, good engineering practice should have ensured that the mic or camera could _never_ be enabled without active users permission (in this case answering the call).
    There is no escaping that Apple''s SW problems are not (only) a QA issue, but is based in sloppy developer habits and poor management (not necessarily on top but at least on team level).

    And, by the way; disabling a complete service is not actually disabling a bug. In that case I have a nice, guaranteed 100% completely bug free app for you to buy here...
  • Reply 17 of 30
    Thank god they disabled this scary bug.
    Darn it. And I was planning on calling 50 people at random for a Group FaceTime later.
    edited January 2019
  • Reply 18 of 30
    IreneW said:

    It shouldn't have mattered if this particular test was written or not, good engineering practice should have ensured that the mic or camera could _never_ be enabled without active users permission (in this case answering the call).
    A nice, simple "experienced engineer's" solution to a problem... that's not really that simple. 

    The minor flaw in your reasoning lies in the rather obvious fact that for the majority of users, the microphone is ALWAYS ON, with the user's permission. (Hey, Siri, anyone?)

    Which switches the issue from simply "enabling" the microphone to under what circumstances is the data stream routed. Further, I'd suspect preliminary streams for video and audio are being setup between all of the participants while the call is being initiated in order to enable "instant" communication and high QOS once the call is actually accepted by all of the parties involved.

    So was it "sloppy" engineering or an emergent, unexpected behavior among quite a few highly complex systems?

    But hey, let's go with the armchair engineer's solution, especially since it fits so nicely with their preconceptions.
    lolliverfastasleepfirelock
  • Reply 19 of 30
    Yawn!
  • Reply 20 of 30
    Whilst this is a serious issue to be sure, the "Tim Cook must go" vitriol never ceases to amaze me from the trolls that IMMEDIATELY thunder onto Apple sites to litter the comment sections. You people need to get a life...

    Yes, this is a BAD bug, no question about it, and it's one that will haunt them for a while, and should've been caught during development, especially considering how long Group FaceTime was delayed for.

    But in the end, Apple quickly acknowledged it, and even went as far as to shut down the offending system to prevent this from becoming an actual issue.

    And yet now we have calls all over the Internet to have Tim Cook and Jonathan Ive's head's on the proverbial silver platters over this, what idiotic BS!

    How many other MASSIVE privacy snafus and monumental bugs made their way into MS and Google products over the years, some of which remain to this day (Stagefight ring a bell?), yet no one calls for those engineers or CEO's heads?
    You can think Apple's software quality is currently poor and not be a troll. I think it's currently poor and am a long time supporter who's read this site daily for over a decade because I'm passionate about Apple at its best. I also don't understand the argument that it's ok because it happens to Microsoft and Google? The whole incredible thing about Apple has historically been because they operated at a level where this type of thing very rarely happened. It now quite commonly happens - I'm not looking at this in a vacuum, it's not 'one little thing', it's a developing trend. I don't see how it's 'idiotic' to question whether Tim Cook is the right leader now when he's ultimately responsible for every aspect of the company's performance.
Sign In or Register to comment.