A jaw-dropping flaw in Apple’s FaceTime software allows for users to eavesdrop on others while a call is still ringing, according to 9to5Mac.
The bug works by simply dialing another user, then swiping up and inserting the originating number via the “Add Person” screen before it is answered. FaceTime apparently is thus tricked into believing that a Group FaceTime conference call is occurring, transmitting audio from the recipient’s device whether or not they have accepted or rejected the call.
Now you can answer for yourself on FaceTime even if they don’t answer?#Apple explain this.. pic.twitter.com/gr8llRKZxJ
— Benji Mobb™ (@BmManski) January 28, 2019
Gizmodo was able to replicate the bug in a matter of seconds simply by following those steps.
According to the Verge, this very serious security issue is compounded by another: While said “conference call” is happening, if the recipient hits the power or volume button to ignore the call, their device will start sending audio as well as video from its front-facing camera, again without any visual notification (though in this instance, it also activates the caller’s audio). That flaw was further confirmed by Mashable and BuzzFeed News, the latter of which noted that activating Do Not Disturb mode appears to at least block microphone access.
We found that the FaceTime bug doesn’t just give the caller access to the recipient’s microphone (except if Do Not Disturb is on)… if they press volume up or down, it exposes their iPhone’s front-facing camera, too https://t.co/t4WA3HfuZG
— nic nguyen (@itsnicolenguyen) January 29, 2019
Read more HERE
