Major iPhone FaceTime Bug Lets You Eavesdrop on Any iPhone User
A critical bug in iOS 12.1 means you probably want to disable FaceTime, like, right now.
According to Casey Ellis, founder and CTO of crowdsourced security company Bugcrowd,“My biggest concern with this iOS FaceTime bug is the ability to eavesdrop on kids with iOS devices. Younger generations seldom answer the phone on the first go, or even notice — and they are much less likely to patch this issue proactively.”
“I have a daughter who uses FaceTime to message and talk with her friends, and the potential for a young person to do something stupid that could escalate is extremely high with this bug. Thankfully, it’s unlikely to be exploited by Real Bad Guys(™) because of the lack on anonymity inherent in the attack, but I can see kids of all ages pranking each other with it, and bad things happening as a result. This could range from trolling, to bullying, to things that could ultimately constitute a criminal act.
“Facetime calls are easily scripted, and many kiosks and other static applications of iOS devices (think airports, for example) likely have FaceTime-enabled by default. My main concern now is that the fix for the issue is client-side, and clients won’t be updated and will remain vulnerable. The idea of sitting at Newark Airport and having the food-ordering kiosk (which is an iPad) watching as I eat is both a real risk, and creepy.
“The fact that Apple took the backend offline suggests they are working on a server-side fix that would resolve the issue for everyone, which would be a very good thing. Generally, I was impressed with Apple’s response to the bug. They were clear that the root cause was complicated and would take time to fix, and in the meantime, they shut down the FaceTime group service (the culprit in the vulnerability itself) fairly quickly.
“To protect yourself against the Apple IOs FaceTime bug, go to “Settings”, then “FaceTime”, then set the FaceTime slider to off. And don’t forget to protect your family and friends.”