Apple has taken its Group FaceTime feature offline following the discovery of a bug which reportedly allowed users to eavesdrop on others through the firm’s video calling app.
The software glitch reportedly allows a caller to hear audio – and in some cases see video – from a target device before they either pick up or reject the call.
The company’s system status website now lists FaceTime as having an ongoing issue, with a message attached confirming Group FaceTime is “temporarily unavailable”.
The bug is said to affect devices using versions of iOS 12.1 or later and was first reported by the website 9to5mac, which added that calls have to be made in a particular way in order to exploit the glitch.
It appears to involve the “add person” function of the FaceTime app, confusing it into activating the call recipient’s microphone even before the call is accepted.
In some cases, 9to5mac reported video from the recipient’s device can also be sent before the call is accepted and without the call recipient’s knowledge if they press the power button while on their phone’s lock screen.
The iPhone maker had earlier said it was “aware” of the issue and planned to release a software update later this week to fix the problem.
The incident is embarrassing for the technology giant as it was discovered on Data Privacy Day in the United States, which Apple chief executive Tim Cook had tweeted about, calling for “vital privacy protections”.
Apple has also recently been highlighting its credentials as a company that protects user privacy, using a large billboard overlooking the CES technology trade show in Las Vegas last month to declare “what happens on your iPhone, stays on your iPhone”.
The incident also comes ahead of Apple releasing its latest round of financial results, with investors bracing for bad news after Mr Cook issued a warning in January over falling iPhone sales in China, which he said would impact the company’s revenue.
In the meantime, industry figures including Twitter founder Jack Dorsey have urged users to disable the FaceTime feature as a precautionary measure until Apple fixes the issue.
David Emm, principal security researcher at Kaspersky Lab UK, said: “The audio and video capabilities of smart devices offer great convenience, but if something goes wrong there’s the possibility of hackers being able to intercept information given over calls and audio transmissions and use it for criminal gains.”
“Given that a huge percentage of our population uses Apple phones and tablets, and FaceTime, we as consumers need to be aware of the potential security implications associated with everyday devices and apps. Consumers need to find a compromise between device security and gadget convenience – and they should take preventative steps if they’re concerned about this new vulnerability.”
To avoid being a victim of eavesdropping, Kaspersky Lab recommends consumers to:
- Disable any features that are not needed, or for which there is a known vulnerability, until an update is available which addresses this vulnerability.
- Secure your devices using Internet security software – our research has shown that one in three people (30%) do not protect their devices with security software.
- Think twice before handing over any personal data, such as emails or phone numbers, during FaceTime calls.
- Make sure you apply security updates to your operating system and applications as soon as they are available.