Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Says It Will Fix The FaceTime Bug That Allows You To Access Someone's iPhone Camera And Microphone Before They Pick Up (buzzfeednews.com)

Posted by msmash on from the up-next dept.

Apple said Friday morning that it had a fix for a bug discovered in Apple's video and audio chat service FaceTime this week, which had allowed callers to access the microphone and front-facing video camera of the person they were calling, even if that person hadn't picked up. The security issue is fixed on its servers, the company said, but the iPhone software update to re-enable the feature for users won't be rolled out until next week. From a report: "We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," Apple said in an emailed statement to BuzzFeed News. "We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process."

11 of 63 comments (clear)

  1. Thanks Apple! by 110010001000 · · Score: 2

    Thanks. It is nice to get these small issues fixed.

    -SuperKendall

  2. Is anyone really that supprised? by jellomizer · · Score: 4, Interesting

    Sure it is a big deal security lapse from Apple. So the received/found the problem, analysis the scope of it, stopped the service, sent out communication about the problem. Now they are applying a fix.

    It seems like a responsible course of action.

    I am sure people who hate Apple, because they were beaten up by a hipster a few years ago, will still fault Apple, and make them seem like a pile of idiots who cannot code themselves out of a paper bag. But these things happen, I am actually surprised it doesn't happen more often.

    I am sure all you programmers out there who are smug that their code never got hacked. But is it really skill, or just being lucky, or your program isn't just that popular enough. It can often just be a bad day where your code has a security flaw in it, and coded so it would be difficult for the QC to find it. However within weeks of it being public it was was found as a problem. I myself never had my coded hacked, however this isn't a reason to pat myself on the back, or be smug and judgemental, as I have fixed things in my own code that could had been bad if I didn't catch it. And I never know what else I may have open.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Is anyone really that supprised? by 110010001000 · · Score: 3, Insightful

      I'm not sure how you make a program that accesses the camera and microphone before you click the "answer" button. That is pretty basic stuff.

    2. Re:Is anyone really that supprised? by Solandri · · Score: 2
      Agreed that there's nothing surprising about this. I'm not sure what else submitter expected. "Apple announces it will not fix Facetime bug"?

      I am sure people who hate Apple, because they were beaten up by a hipster a few years ago, will still fault Apple, and make them seem like a pile of idiots who cannot code themselves out of a paper bag.

      I can't speak for everyone. But I hate Apple because they take away your freedom of choice and expression, under the guise of trendiness and security.. In the early 1990s, companies tried to corral us into walled gardens for online access (GEnie, CompuServe, AOL; MSN was originally Microsoft's attempt). We fought hard to make the open Internet the standard for networked communication, where anyone could make any content they wanted available to anyone else in the world, without needing the approval from some corporate or government dweeb. It's painful to watch people naively give up those freedoms and willingly walk into walled gardens like iOS and Facebook because it's the cool thing to do and all their friends are doing it. (I'd include Google, except they at least try to make it easy to get your info in and out, like how you can use alternate stores to get Android apps, not just the Google Play store. So they're more like a garden with open borders.)

      Maybe if the Cold War hadn't ended, things like the Berlin Wall would have remained to serve as a metaphor. So people would be more cognizant of what you're really giving up when you choose to live in a walled garden.

    3. Re:Is anyone really that supprised? by sjames · · Score: 3, Interesting

      Congratulations, you are a small minority who couldn't be affected significantly by the bug. Now is the time for you to use your imagination and recognize that you are a small minority in that regard.

  3. Re:On The Servers... by bobbied · · Score: 2

    Well, the application already has permission to activate the camera and microphone, otherwise the "server" wouldn't have the ability to cause them to be activated.

    So this isn't the fault of the phone or the server. Nor is it the fault of Apple's security model. It's the fault of the face time app. The face time app should never enable the microphone or camera until the user answers the call, regardless of what the server does.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  4. Owning the hardware by sjbe · · Score: 3, Insightful

    You're under the false impression that the user owns the phone; the actual owner (Apple) can choose to do with it as it wants, including letting their servers decide when your sensors are active.

    They do own the phone. The hardware is theirs and Apple cannot get it back. The SERVICES and software the phone uses are not owned by the user. They license or subscribe to those and whatever terms come with them. Yes, these are necessary for the device to be useful but that is a separate discussion from who owns the hardware. This is yet another example of why Apple is a software company, not a hardware company. The hardware is just the pretty box through which they sell their software and services.

  5. Do they collect? by bogaboga · · Score: 2

    "We thank the Thompson family for reporting the bug.

    From all the billions [of dollars] in profit Apple makes, I wonder whether this family will collect. Anyone know?

    That mere "thank you" message from Apple is anemic in my opinion.

    1. Re:Do they collect? by bogaboga · · Score: 2

      Collect what? They would have to prove harm in a lawsuit.

      Collect a reward in form of cold hard cash.

      Apple can surely afford this with zero palpable hit to their bottom line. No need for a lawsuit.

      I also think it'd be good publicity if they did pay up something, no?

    2. Re:Do they collect? by Gilgaron · · Score: 2

      Maybe a Bug Bounty, if you give out money for non-policy/predefined reasons the choosy beggars are going to come out of the woodwork.

  6. It's not a bug by JoeyRox · · Score: 4, Funny

    It's a predictive video and audio caching algorithm. iOS 13 is rumored to add a feature that will pre-shatter your screen when the accelerometer detects the phone is falling.