Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Bug in FaceTime Allows One To Access Someone's iPhone Camera And Microphone Before They Answered the Call; Apple Temporarily Disables Group FaceTime Feature (thenextweb.com)

Posted by msmash on from the happy-data-privacy-day-to-you,-too dept.

Social media sites lit up today with anxious Apple users after a strange glitch in iPhone's FaceTime app became apparent. The issue: It turns out that an iPhone user can call another iPhone user and listen in on -- and access live video feed of -- that person's conversations through the device's microphone and camera -- even if the recipient does not answer the call. In a statement, Apple said it was aware of the bug and was working to release a fix later this week. In the meanwhile, the company has disabled Group calling functionality on FaceTime app. From a report: The issue was so serious that Twitter CEO Jack Dorsey, and even Andrew Cuomo, governor of the state of New York, weighed in and urged their followers to disable FaceTime. [...] That's bad news for a company that's been vocal about privacy and customer data protection lately. The timing couldn't be worse, given that Apple is set to host its earnings call for the October-December quarter of 2018 in just a matter of hours.

3 of 88 comments (clear)

  1. Programmers that are trying to make things work by raymorris · · Score: 4, Insightful

    Programmers who are accustomed to desktop applications, where there is one user, are in the habit of making things work. You click the button, it does the thing. Somebody calls someone else, they can see and hear each other.

    Many of the "omg how stupid can you be?!" bugs are of the "make sure it does NOT work when it's not supposed to" variety. Once you connect an application to the internet, you have to think in terms of when things should NOT happen and test for that. Programmers who learned writing Windows desktop apps don't think in that frame of mind.

    For decades one of the most popular sayings in programming was "garbage in, garbage out". That's no longer an acceptable way of thinking. That garbage that comes out, random bytes from RAM, can include your private key. Once your application is on the internet, it has to be "garbage is the default thing I'm expecting, and leads to DENIED out. Only if input exactly matches the specification will you get anything out". It's a different way of thinking.

  2. Re: How did this happen? by cyber-vandal · · Score: 3, Insightful

    What is your bug-free development methodology?

  3. The time when Apple wrote better software by ReneR · · Score: 3, Insightful

    is unfortunately long over: https://twitter.com/search?q=p... :-/ RIP