
MacRumors

macrumors bot

While it only made the news yesterday, it appears Apple was alerted to a major FaceTime privacy bug over a week ago.

Twitter user MGT7500 tagged the official Apple Support account in a January 20 tweet claiming that her 14-year-old son discovered a "major security flaw" that allowed him to "listen in to your iPhone/iPad without your approval." The user also tagged Tim Cook on the issue in a follow-up tweet on January 21.

My teen found a major security flaw in Apple's new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews - MGT7 (@MGT7500) January 21, 2019
@tim_cook This is real...trying to get Apple's attention to get this addressed. I'm just a mom of a teenager who found a huge problem in your new update. I've verified it myself...someone from Apple should respond to us. https://t.co/S6qyXts6GF - MGT7 (@MGT7500) January 21, 2019

Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple's product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot.

One of many emails sent to Apple 1 week ago attempting to report the Group FaceTime bug. @cnbc @cnn @foxnews @9to5mac pic.twitter.com/l9IFMZmKh6 - MGT7 (@MGT7500) January 29, 2019
FYI- I called, FB messaged, faxed, emailed and tweeted Apple exhaustively last week to no avail. Submitted official bug report also. Tried to keep it private b/c of the security concerns. Never heard from them. - MGT7 (@MGT7500) January 29, 2019

The user acknowledges having wanted to receive a monetary reward under Apple's bug bounty program, but she claims she still proceeded to alert Apple to the bug by phone, fax, and with an official bug report nonetheless. She also wanted to keep the bug private, but she did tweet Fox News about it.

All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues.

Apple has temporarily disabled Group FaceTime, as adding your own phone number to a FaceTime call was the underlying cause of the bug, while it rushes to prepare a software update with a permanent fix. Apple said that update will arrive "later this week," but it wouldn't be surprising to see it today.

Apple did not immediately respond to our request for comment about when it discovered the bug and how long it existed.

Update: John Meyer reached out to the Twitter user and has shared a video about the FaceTime bug that he says was recorded and sent to Apple on January 23. Meyer has apparently confirmed the veracity of this info by phone.
VIDEO: Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions. I've removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to. pic.twitter.com/YIBKXEP3mI - John H. Meyer (@BEASTMODE) January 29, 2019


Article Link: Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]
 
Wow. Apple should have been more transparent about this issue and it should have immediately disabled Group FaceTime. Immediately. For a company that touts privacy and security as its main focus, this is inexcusable.
 
Asking for money + going to FOX "news" = zero credibility

Again, it was already public by the time she tweeted Fox/CNN/CNBC. Nothing wrong with claiming a bug bounty either.

EDIT: Just seen the message she sent to Fox 8 days ago, no idea what she did that for, still Apple should've responded to her emails.
 
She also wanted to keep the bug private, but she did tweet Fox News about it.

:confused:

Truthfully though....this is a major blunder on Apple's part. I'm sure they get an inordinate amount of bug reports, both major and minor, every day. But when someone puts this on your radar on multiple fronts and it goes completely unanswered it's a sign that the review process is fundamentally flawed.

If this lady reported it on the 21st the Group FaceTime service should have been offline no later than the 22nd and there should have been a press release detailing the issue and the corrective action. Instead it sat there for a week until it blew up in their face.

No way to spin this other than a massive failure by Apple. Hopefully they learn from it and are better for it going forward.
 