apple, cybersecurity, Facetime, ios, Tech

FaceTime bug lets you see and hear the person you call, even if they don’t answer

Wut.

Image: CHESNOT / GETTY IMAGES

Well this is a serious problem.

A major bug has been discovered in iOS that lets a caller hear and see a person on the other end of a FaceTime call before the call has been answered. That’s right, this massive security screwup means you can take a digital peek into another person’s life — completely without their knowledge. 

As 9to5 Mac reports, the bug is simple to exploit. First, you call someone on FaceTime. Next, before they answer, swipe up and add yourself to the call. That’s it. You can hear through the person’s phone, all without them answering the call. 

This reporter tested the bug out on a willing participant, and was immediately able to hear the audio on the other end. And, shockingly, shortly after the call began the recipient hit the power button to end the call — and then the camera began sending back video. Meaning, I could see and hear the person who had not answered the FaceTime call. 

Interestingly, the person on the other end of this test call could also hear me, though she said she couldn’t see me (to be fair, I do cover my front-facing camera with a sticker). 

We reached out to Apple for comment, and will update this if we hear back. 

In the meantime, maybe go ahead and cover up that front-facing camera. 

UPDATE: Jan. 28, 2019, 5:11 p.m. PST: An Apple spokesperson provided the following comment:

“We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”

In other words, for the next week (at least) you definitely need a front-facing camera cover. Oh, and maybe watch what you say before you answer any FaceTime calls. 

Cms%252f2019%252f1%252fd70634e6 849f ce0e%252fthumb%252f00001.jpg%252foriginal.jpg?signature=lcsnpzd6tntfubzbj 1wnc0gnp8=&source=https%3a%2f%2fvdist.aws.mashable

 

!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window._geo == ‘GB’) {
fbq(‘init’, ‘322220058389212’);
}

if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}

Source link