Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawyer Sues Apple Over FaceTime Eavesdrop Bug, Says It Let Someone Record a Sworn Testimony (cnbc.com)

Posted by BeauHD on from the always-listening dept.

A lawyer in Houston has filed a lawsuit against Apple over a security vulnerability that let people eavesdrop on iPhones using FaceTime. "His lawsuit, filed Monday in Harris County, Texas, alleges that Apple 'failed to exercise reasonable care' and that Apple 'knew, or should have known, that its Product would cause unsolicited privacy breaches and eavesdropping,'" reports CNBC. "It alleged Apple did not adequately test its software and that Apple was 'aware there was a high probability at least some consumers would suffer harm.'" From the report: The suit says that Williams was "undergoing a private deposition with a client when this defective product breached allowed for the recording" of the conversation. Williams claimed this caused "sustained permanent and continuous injuries, pain and suffering and emotional trauma that will continue into the future" and that Williams "lost ability to earn a living and will continued to be so in the future." The lawsuit also says that iOS 12.1, the latest major release of the iPhone operating system, was defective and "unreasonable dangerous" and that Apple "failed to provide adequate warnings to avoid the substantial danger" posed by the security flaw. Williams is seeking compensatory and punitive damages as a result of the exploit.

11 of 173 comments (clear)

  1. What's new doc ? by Anonymous Coward · · Score: 4, Insightful

    Lawyers are the scum of the earth. Another episode that confirms this truism.

  2. Re:No standard on testing - wild wild west by AmiMoJo · · Score: 4, Informative

    Scanning the lawsuit as filed it doesn't actually seem to provide any evidence that his call was illegally recorded. He doesn't seem to have any reason to think that it might have been.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Re:No standard on testing - wild wild west by Zocalo · · Score: 4, Interesting
    You don't generally include the actual evidence in an indictment or similar, only state the facts that you believe you are capable of proving in a court of law. The crux of this claim seems to be Clause 6 of the Factual Background:

    Plaintiff was undergoing a private disposition with a client when the this [sic] defective product breach allowed for the recording of a private deposition."

    "Allowed for the recording" could just mean that the possibility was there, or it could mean that an actual recording took place. No way to tell unless Williams has evidence of the recording, which is possible if you assume that was the reason for the harm and loss of living alledged in Clause 30, which seems rather hyperbolic to say the least; this somehow resulted in "physical pain" and "diminished quality of life"? Unless his client got physical upon finding out or something, I'm not sure how that's supposed to work, and if anything makes this sound much more like an attempt at a cash grab, quite possibly with aspirations for class status.

    --
    UNIX? They're not even circumcised! Savages!
  4. Note he doesn't claim he was actually recorded by SlaveToTheGrind · · Score: 5, Informative

    Just that the bug "allowed for" recording. Gotta watch those lawyers.

    The full complaint is here and makes for some entertaining reading. This 30-page gem was filed by a local personal injury attorney 4 years out of law school the next day after the plaintiff supposedly found out about the bug. 'Nuff said.

  5. Re:Lawsuit by jythie · · Score: 4, Insightful

    It is how due to how the US legal system was written. A lot of US regulation depends on DIY justice. Rather than reporting a violation and having the state investigate and enforce, private citizens have to pony up the time and money to take each other to court. So it is less that people love lawsuits and more that is how one actually triggers the legal and regulatory process in many cases.

  6. Re:No standard on testing - wild wild west by mysidia · · Score: 4, Insightful

    Unless his client got physical upon finding out or something, I'm not sure how that's supposed to work

    It sounds like the loss claimed will be fanciful and theoretical, not actual and certain.

    At most he loses Facetime as a tool for recording these types of depositions in the future, but Apple never marketed Facetime as software secure for sensitive business use, and besides which, there are numerous warranty disclaimers you agree to in the Apple click-through EULA you agree to before using the software, so if you find the software doesn't do what you need, you are not so much as entitled to a refund: Which an attorney using the software for professional purposes has a higher burden than the general public to read and understand --- That is, someone who is an Attorney or legal firm cannot get out of a contract or EULA by claiming the contract was confusing, or they were ignorant, etc.

  7. What about the lawyers own negligence? by DarkOx · · Score: 3, Informative

    Why did he think bringing a powered on recording device to private meeting where no recording should take place was good opsec?

    Smart phones have no place in a secure facility.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:What about the lawyers own negligence? by DarkOx · · Score: 4, Insightful

      You are making my point for me. The lawyer's own negligence in this case is partly what endangered his clients privacy. The privacy risks around dumb phones was know 20 years go. People did pull the batteries before going to secure locations (where they did not want tracked) or going to private meetings or (gasp) you left it at your desk and closed the door to meeting room.

      For some reason dumb people now carry smart phones everywhere they go no matter what and you can't remove the battery. I suggest powering it off is sufficient in 99% of cases unless you have specific reason to think you are being targeted in some way. It is a network attached listening device and location beacon though at the end of the day and you should treat it that way. When privacy is a major concern leave it at home / locked in your desk drawer and come get it when your are done or turn the damn thing off.

      Ditto for smart speakers and TVs, should they violate your privacy - no - could they - most certainly, so treat them as such. Maybe put it in the den, but not the bedroom or your home office. I don't know consider the risks and rewards for each situation and make your choices.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  8. Re: I really hope this guy get drop-kicked in the by jellomizer · · Score: 4, Interesting

    Or are you just a pure Apple Hater?

    Americans no matter their political leaning, really don't like the idea of legal suits over small and silly things, where the lawyer then exaggerates the amount of suffering caused. Often shown on TV with the "victim" in a neck brace trope.

    Accidents occur and people get hurt. But the line between frivolous vs necessary legal action is needed. You go to a restaurant, and you get ill the next day, and sue the restaurant, that is frivolous, if you go to the restaurant and dozens of folks get ill the next day, then there is a problem.

    Suing for the quick money grab, will often hinder a businesses ability to do good things, because they have to walk on eggshells and be sure not to break the rules. You may notice this effect if you are at a hospital, and the x-ray tech will not comment if you arm is broken or not, but you wait a half an hour and the doctor walks in glances at the X-Ray and says yep its broken. The reason for this, isn't because the doctor will get paid more for doing this, but because if the tech explains this to a patient, then they are doing a diagnosis that they are not qualified to do. And if the patient does something stupid from that initial diagnosis from the unqualified individual, then the hospital is legally responsible for this.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  9. Re:No standard on testing - wild wild west by MachineShedFred · · Score: 4, Insightful

    Except for the fact that a judge would toss any zero-party consent recording that didn't also have a court order for electronic surveillance applied to it, previous to the recording being made as an illegal search.

    This is no different than what would happen with the recording from an illegal wiretap, or illegal audio bug planted in the room. It would get tossed during evidence discovery, long before any jury would be able to see / hear the recording. And then there would be sanctions for any prosecutor trying to use such evidence.

    --
    Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
  10. Re: No standard on testing - wild wild west by MachineShedFred · · Score: 3, Interesting

    More than that, why did he have any phones at all in the room while taking a secret deposition?

    Not like it's news that phones can record audio and transmit it to other people - that's kind of the fucking point.

    --
    Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.