If you use FaceTime to connect with your friends and loved ones, you may have to find another app or return to some more archaic forms of communication for the time being. Late Monday night, Apple disabled its Group FaceTime feature after multiple reports of users unknowingly being recorded by undetected third-parties.
According to a report from the Washington Post, those unwanted and undetected eavesdroppers could “initiate a FaceTime call and begin listening in on a recipient’s audio without them picking up the call or knowing they were being recorded.”
How did those digital rogues start recording people without their knowledge or permission? According to 9to5Mac, who first revealed this issue, there’s a bug in the app that lets a user call anyone and immediately hear the audio coming from the recipient’s phone without that person accepting or rejecting the FaceTime call. To achieve that stealthy bug, a user creates a FaceTime conference call, enters his or her phone number and then adds the number of another person, who never has the luxury of accepting or declining the conference call before audio is transmitted. Just like that, people were secretly recorded.
Prior to Apple disabling the app, Bloomberg News was able to replicate that strategy, adding that video of a caller could also be covertly transmitted if a recipient used the common method of pressing the volume controls or power button on their device to silence the FaceTime call.
Apple plans to release a software update that will correct the issue later this week. Users can take additional precautions by disabling the app on their iPhones, iPads and iPod touches. However, that didn’t keep some notable people from making observations about the privacy breach. On his Facebook page, New York State Governor Andrew Cuomo called the FaceTime bug “an egregious breach of privacy that put New Yorkers at risk.” Additionally, he encouraged New Yorkers to disable the app until a fix was offered by Apple, while urging Apple to “release the fix without delay.”
Similarly, according to The Guardian, Ashkan Soltani, former chief technology officer of the U.S. Federal Trade Commission, called the bug “quite possibly one of the most significant privacy/security bugs the company has had to deal with in recent years (if not ever?).”
In an ironic twist of events, the bug gained attention on Data Privacy Day, a global day of recognition that occurs on January 28 of each year. The holiday is geared toward raising awareness about data security and privacy and promoting protection best practices. The United States, Canada, Israel and 47 European countries observe the holiday. Before the bug was exposed, Apple CEO Tim Cook tweeted, “…On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.”
For a company such as Apple that places a lot of focus on the security and privacy of its customers, the bug could have lasting implications. However, many individuals, including Soltani, are praising Apple for its quick response and action on the situation.
After Apple issues the fix, which is reported to be part of its next software update (iOS 12.2), users who update their software should be able to resume use of the app without fear. However, it isn’t clear yet if users who can’t or don’t install the software update will be protected by the fix when they start using FaceTime again. That leaves a lot of people asking, “When our devices are in earshot, are we always in danger of being bugged? Is that what we signed up for?”