Lawyer Sues Apple Over FaceTime Eavesdrop Bug, Says It Let Someone Record a Sworn Testimony (cnbc.com)
A lawyer in Houston has filed a lawsuit against Apple over a security vulnerability that let people eavesdrop on iPhones using FaceTime. "His lawsuit, filed Monday in Harris County, Texas, alleges that Apple 'failed to exercise reasonable care' and that Apple 'knew, or should have known, that its Product would cause unsolicited privacy breaches and eavesdropping,'" reports CNBC. "It alleged Apple did not adequately test its software and that Apple was 'aware there was a high probability at least some consumers would suffer harm.'" From the report: The suit says that Williams was "undergoing a private deposition with a client when this defective product breached allowed for the recording" of the conversation. Williams claimed this caused "sustained permanent and continuous injuries, pain and suffering and emotional trauma that will continue into the future" and that Williams "lost ability to earn a living and will continued to be so in the future." The lawsuit also says that iOS 12.1, the latest major release of the iPhone operating system, was defective and "unreasonable dangerous" and that Apple "failed to provide adequate warnings to avoid the substantial danger" posed by the security flaw. Williams is seeking compensatory and punitive damages as a result of the exploit.
Normally illegal recording is inadmissible as well as the fruits. Sue the illegal party, and also if a computer or telephony misuse act applies. YMMV.
As for Apple - when did it know? In fact it may be to be compliant with CALEA software - which by definition must answer undetected. It appears a law enforcement backdoor has been discovered - but only one of many.
People like him (acting like dicks) are one of the reasons lots of people can't have nice things (like dinner, for example)
C*ntish suing like where it is extremely probable someone is purely out for the money should have criminal penalties
Is that anything like "a code"?
WTF? Stackoverflow is invading Slashdot?
Why do people love lawsuits in the US? Can software ever be foolproof?? Can there ever be bugproof and security proof software? Only idiots think so apparently ...
Apple, Microsoft and so many other companies have 0 respect for their users. In some cases, these are forced users because of market monopolies. They force barely tested updates onto people and couldn't give two craps about the consequences on people that result from their junk. It's time that these shoddy updates start costing those companies in the billions of dollars range every time there's any problem in order to create a real change to these practices. I'm seriously thinking of proposing this idea to Alexandria Ocasio-Cortez to see if she would run with it. It could even be an innovative way to provide funding for programs!
Lawyers are the scum of the earth. Another episode that confirms this truism.
If Rust was used and all male developers were castrated this would never have happened.
#MeTooFuckYou
Is anathema to consumer protection laws. Regardless of whether his case has merits, people here should meditate on the fact the culture of much of our sector of the economy is one giant middle finger to the laws the rest of the economy operates under. At some point, software should be liable. For example, I have no sympathy for medical device companies that play the dilettante on infosec, particularly in devices inside the human body. If they are going to make it remotely connectable then it needs rock solid, NSA-approved infosec measures.
The fact that we have a wide gradient of people involved is not an excuse to not acknowledge that certain categories of software should have to be "fit for purpose" under the law. Something like FaceTime--which is enabled by default--should be that way given Apple's pockets.
No - the reason is this:
You think this crap will stop at apple? Google? Or purely be limited to them? No. Some asshat thinks he can basically use something that was extremely unlikely to have actually happened, to extort money from apple. "A free lunch" etc.
I hope he gets his ass handed to him. This kind of sueball, because of a monetary incentive is the worst kind of thing that has been allowed to propagate. It serves little purpose. What next? Someone suing you because you offended them by commenting they looked a little sad today?
Just that the bug "allowed for" recording. Gotta watch those lawyers.
The full complaint is here and makes for some entertaining reading. This 30-page gem was filed by a local personal injury attorney 4 years out of law school the next day after the plaintiff supposedly found out about the bug. 'Nuff said.
This will get laughed out of court very quickly unless and until the plaintiff can show actual damages. Without actual damages, there is no standing. Without standing, there is no lawsuit.
From the latest known security flaws.
basically the lowest form of scum lawyer.
Don't all software licenses disclaim all liability and fitness for ANY purpose?
If you want software to be held accountable in this situation, prepare to pay upwards of $1 million per seat.
Let the lawyer suffer. Throw that lawsuit out and bar the lawyer from practice
What moron lawyer would allow a smart phone to be on in a room where this deposition is being given anyways? Any lawyer who knows anything basic about cyber security would make clients turn them off. Does he have an Amazon Echo in his office also?
...global warming started roughly the same time as when the world started churning out lawyers en-masse?
Just gotta wonder the damage they inflict on the planet with all that hot air they generate...
Why did he think bringing a powered on recording device to private meeting where no recording should take place was good opsec?
Smart phones have no place in a secure facility.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
1. If it's connected, assume you're not protected.
2. If the glove doesn't fit, you must acquit.
3. Avoid any large, angry, crazy man arguing with a vendor over the price of a $6 hot dog.
4. Dumb lawyers who file frivolous lawsuits against multi-billion dollar companies get countersued into bankruptcy.
As a software developer, and many here are, if you own an iOS device you've noticed a huge increase in bugs that are so glaringly obvious it's embarrassing. The messaging bugs, updates that brick older devices, losing stored passwords...
The point is simple. Apple needs to slow down and focus on the quality of their product because that's ALL they have going for them right now since they are behind in almost every avenue of technology. It should be very apparent considering the horrible sales of their most recent phones.
Yes, it's the reason people can't have leaky Apple widgets.
And other, ummm... nice things.
If you want a private conversation you should know better than to allow anyone in the room to have an electronic device on them.
If so, good luck as SCOTUS has refused to override them.
Or are you just a pure Apple Hater?
Americans no matter their political leaning, really don't like the idea of legal suits over small and silly things, where the lawyer then exaggerates the amount of suffering caused. Often shown on TV with the "victim" in a neck brace trope.
Accidents occur and people get hurt. But the line between frivolous vs necessary legal action is needed. You go to a restaurant, and you get ill the next day, and sue the restaurant, that is frivolous, if you go to the restaurant and dozens of folks get ill the next day, then there is a problem.
Suing for the quick money grab, will often hinder a business's ability to do good things, because they have to walk on eggshells and be sure not to break the rules. You may notice this effect if you are at a hospital, and the x-ray tech will not comment if your arm is broken or not, but you wait a half an hour and the doctor walks in glances at the X-Ray and says yep it's broken. The reason for this, isn't because the doctor will get paid more for doing this, but because if the tech explains this to a patient, then they are doing a diagnosis that they are not qualified to do. And if the patient does something stupid from that initial diagnosis from the unqualified individual, then the hospital is legally responsible for this.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
...since he's claiming someone recorded a deposition, he will have to prove WHO recorded it and WHEN...basically opening up said deposition to the court, in general, and, if not sealed, to the public.
Otherwise this gets tossed as it's the only proof he'll have
Let's not even talk about the lawyer bringing any type of recording device into a room that shouldn't have anything to record anyways...
Yes, I can easily write software which is guaranteed to be perfect.
It prints "hello world!" and isn't written in PHP 4. :)
You actually can prove programs to be correct. It costs twenty times as much to develop provably correct software than normal software. That's actually reasonable for a lot of software that we think of as "firmware", or in fact we may think of it as hardware, but in fact there is software inside, dozens to hundreds of lines of code.
* In old PHP, "Hello world" had a security problem. It's been fixed.
I do not like siding with corporations... but you bought their product.
Why would you ever have a cell phone in a place that requires security? By now even the most tech ignorant people know that privacy and actual laws are no longer respected when it comes to technology...
You literally brought a remote recording device with (at best) ambiguous security into an environment you didn't want to be shared?
Assume your phone is always violating your rights until there are solid laws on the books preventing this from occurring, sad but safe.
^^ This guy right here for President.
This is the kind of bug Apple should have caught circa ALPHA. They should not have let bullshit code like that make it to beta, let alone releasing it as if it were ready for that. I have been saying for a while that Apple has been using its poor customers as guinea pigs for a while, rather than spending the money on proper code analysis and auditing. This is like when they put out a version of macOS where you could trivially obtain root privileges by logging in as root with no password, is not merely a capital F Fuckup, but a capital FUCK FUCKUP and here is another instance of the same asshattery at Apple. Someone should have gone through the code and made sure that at no point does it allow connection without affirmative user action to accept the call. This is beyond intolerable, this should be regarded as criminal negligence on the part of the corporation and all responsible officers, up to and including Cook.
Shit like this is why I swore off Apple shit products a while ago. I was never personally a fan of Steve Jobs personally or professionally, but at least under him, Apple did not generally fuck up like this, and I think it is well past high time to do something about it. In my case, I am boycotting Apple over their general decline into shittiness until such time as all of those fuckers in senior management (Cook et al) are gone, and Apple gets some real leadership again.
Our reign has gone on long enough. Indeed. Summon the meteors.
I've been depo'ed a couple of times. It was always in a private room with recording devices with lawyers from both sides present to object. This does not sound like a depo. This sounds like he was interviewing a possible witness.
Is there a counter lawsuit that he knew or should have known that there was a possibility of his phone being hacked and the microphone turned on without his knowledge, and that he failed to take reasonable precautions by not having the phone in the room with him?
I mean, it is not like there has not been a plethora of reports and sci-fi films of this actually happening. There are actually apps out there for turning off microphones and video cameras. I know people that have tape over their cameras, and cameras are sold with a sliding door to cover them.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
That's kind of obvious the guy is only interested in (trying to) make a (huge) profit from the lawsuit while he probably didn't "suffer" much from the bug.
Slashdot, fix the reply notifications... You won't get away with it...
Apple accidentally(?) created a listening device which allowed any Facetime-enabled computer in the world to connect to and record video and audio without human intervention on the listening device's end. This is an egregious breach in public trust, and they should be sued for it. If not by this lawyer, and everyone else's lawyer who has an Apple device with Facetime, then at least by every world government on behalf of their citizens.
My guess is he is hoping Apple will just send him a bit of money to go away so they don't have to deal with the news of this. I expect Apple won't do that, but I bet that is what he is hoping.
> Apple accidentally(?) created a listening device which allowed any Facetime-enabled computer in the world to connect to and record video and audio without human intervention on the listening device's end. This is an egregious breach in public trust, and they should be sued for it. If not by this lawyer, and everyone else's lawyer who has an Apple device with Facetime, then at least by every world government on behalf of their citizens.
Why? In some jurisdictions it is perfectly legal to record a conversation with only one-party consent. I'm guessing the person making the call and turning on the recording has consented, so everything is kosher.
Oh, I'm sorry snowflake. For future reference: When using a communication device, period, your conversation may be recorded. This includes using your voice when talking in person to someone.
I refuse to sign
There are some things a lab rat won't do.
According to the East Bay Times, someone named Michele Thompson told Apple several times about the bug.
Michele Thompson, the mother of the Arizona boy who discovered the bug, said she first started warning Apple about it more than a week before the company took action.
"Thompson said her efforts included multiple tweets, Facebook messages, emails to Apple and calls to the support line over the last week," tech website C-Net reported Tuesday.
"On Jan. 22, she also sent the company’s general counsel a fax about the bug, with her law firm’s letterhead on top. And on Jan. 25 she uploaded a video to YouTube, demonstrating the flaw, and sent it to Apple multiple times."
Apple did not acknowledge the existence of the flaw until reports about it went viral Tuesday.
Having a security flaw in your software is one thing. Not taking action on it for over a week is another thing.
> And golly, if firmware had dozens or hundreds of lines of code, all firmware would run on 8 bit micros, and embedding programming wouldn't even involve considerations about code size.
In fact millions of 8-bit micros ARE sold every year. Each sold to the consumer with dozens to hundreds of lines of code in it. Another 10 million larger micros contain code that would fit on an 8-bit, but the designer wants to make use of an included hardware peripheral, such as an additional UART, etc.
You can say "oh golly gee, if that were true we'd have a bunch of 8-bit micros", but the fact is we have millions of new ones shipped every year, in addition to the hundred million or so already in operation.
A number of those are doing something that a 555 timer or similar could do, but the mcu is actually cheaper, especially since it doesn't need the external RC network that the 555 needs.
A significant number of the small micros, perhaps even a majority, are running code that can be automatically converted to a lookup table, or a simple state machine. Proving the correctness of a lookup table is trivial*.
You might find it interesting to Google "automated theorem prover" and maybe even download ACL2.
* Incidentally, if you have a function that has a small number of possible inputs and outputs, actually coding it as a look up table can be both fast and reliable.
In case it's useful, here's basically the code my friend is proving today:
BeGreen:
    output GREEN
    wait
    BeYellow
END

BeYellow:
    output YELLOW
    wait
    BeRed
END

BeRed:
    output RED
    wait
    BeGreen
END
You can of course see by inspection that it can never turn from green to red. Nor can it turn yellow if it's currently green. The only things that can happen when it's green are:
It's waiting, remaining green
It turns yellow.
You can also probably imagine how a compiler-like thing could convert that from code to a table, a data structure:
Transitions { // Current state: new states [, new state]
    Green: Yellow,
    Yellow: Red,
    Red: Green
}
Based on that data, which *is* the program, you can imagine how a tool could then mathematically show that you can only get from green to red by going through yellow.
Having proved the code that operates a traffic light, it's then another round of the same thing to prove the code which operates an intersection.
Another round of similar steps proves the operation of coordinated lights on a road - with a simple state table you can prove that light A at intersection X is never red while light B at intersection Z is yellow.
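The table-based check described in the comment above, as an added example that is not part of the original thread: the single-light table is searched exhaustively to show that red is only reachable from green via yellow, then the same search runs over a two-light intersection. The intersection controller rule, the `naive` variant and all function names are assumptions made for illustration.

```python
from collections import deque

# The single-light table from the comment above: current state -> allowed next states.
LIGHT = {"Green": {"Yellow"}, "Yellow": {"Red"}, "Red": {"Green"}}

def reachable(table, start, blocked=frozenset()):
    """All states reachable from `start` without ever entering a `blocked` state."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in table.get(queue.popleft(), ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def must_pass_through(table, src, dst, via):
    """True if every path src -> dst visits `via` (dst is unreachable once via is removed)."""
    return dst in reachable(table, src) and dst not in reachable(table, src, {via})

def intersection_table(light, naive=False):
    """Constructed two-light controller (an assumption, not from the thread).
    Joint state is (north_south, east_west). Safe rule: a light may only leave Red
    while the other light is Red. naive=True lets each light step freely."""
    table = {}
    for a in light:
        for b in light:
            nxt = set()
            for a2 in light[a]:
                if naive or a != "Red" or b == "Red":
                    nxt.add((a2, b))
            for b2 in light[b]:
                if naive or b != "Red" or a == "Red":
                    nxt.add((a, b2))
            table[(a, b)] = nxt
    return table

def violations(table, start, bad):
    """Reachable joint states for which the predicate `bad` holds."""
    return sorted(s for s in reachable(table, start) if bad(s))

def both_open(state):
    # Unsafe: neither direction is held at Red.
    return state[0] != "Red" and state[1] != "Red"

START = ("Red", "Red")

if __name__ == "__main__":
    print("green->red only via yellow:", must_pass_through(LIGHT, "Green", "Red", "Yellow"))
    print("safe controller violations:", violations(intersection_table(LIGHT), START, both_open))
    print("naive controller violations:", violations(intersection_table(LIGHT, True), START, both_open))
```

Because the joint state space is finite (nine states here), the search visits every reachable state, so an empty violation list is a proof of the invariant for this table rather than a test sample.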
Case is probably bullshit. As much as I hate apple and think a handicapped monkey could build more secure products, I'd bet my money that someone saw the headlines about this and made the entire thing up.
Or, hearing that recording and knowing it will be inadmissible, they pretend to just stumble over the same information in some other manner and claim they were acting on a hunch or just covering all the bases.
Commonly used by cops when they have illegally obtained evidence that can't be presented in court. Did an unwarranted wiretap tell them that a drug shipment would use a certain truck on a certain date? Stop the truck for a broken taillight or whatever and "discover" the drugs during a "safety inspection."