Apple Disables Group FaceTime as Temporary Workaround to Major Privacy Bug

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 28, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Apple appears to have disabled Group FaceTime on its server side as a temporary workaround for a major bug discovered today that allowed anyone who places a FaceTime call to listen to audio from the recipient without them answering the call. The bug even extended to video in some circumstances.

    [​IMG]

    As spotted by Mark Gurman, Apple's system status page now says "Group FaceTime is temporarily unavailable" as of 7:16 p.m. Pacific Time.


    As a result, it is no longer possible to add your personal phone number to a Group FaceTime call, which was the underlying cause of the bug. Multiple editors on our team have confirmed being unable to add a phone number to a FaceTime call. One-on-one FaceTime calls continue to work normally.

    Apple has promised to release a software update that permanently addresses the bug "later this week," and given the serious privacy implications, the company likely has engineers working on the update as we speak.

    Group FaceTime is limited to iOS 12.1 and later.

    Article Link: Apple Disables Group FaceTime as Temporary Workaround to Major Privacy Bug
     
  2. vista.john macrumors regular

    Joined:
    Oct 24, 2008
  3. cashville2400 macrumors regular

    cashville2400

    Joined:
    Nov 29, 2011
  4. KPOM macrumors G5

    Joined:
    Oct 23, 2010
  5. I7guy macrumors P6

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #5
    Good move by Apple. Cuts the bug off at the knees.
     
  6. TVreporter macrumors 6502

    TVreporter

    Joined:
    Mar 11, 2012
    Location:
    Near Toronto
    #6
    “One-on-one FaceTime calls continue to work normally.”

    Can you then change all the prior headlines to clearly state it’s for iOS 12 versions?
     
  7. iop macrumors regular

    Joined:
    Apr 15, 2011
    #7
    I've just disabled ft. If this kind of bug was allowed to happen, it's possible there are other hidden bugs. It's better to be safe than sorry. I highly recommend that everyone disable facetime on their apple device at this point.
     
  8. shareef777, Jan 28, 2019
    Last edited: Jan 28, 2019

    shareef777 Suspended

    shareef777

    Joined:
    Jul 26, 2005
    Location:
    Chicago, IL
    #8
    Glad to see they were quick with a mitigation to prevent privacy issues (not sure why they’re calling it a fix/workaround). Hoping they’re just as quick with a fix.

    Edit: reading it’ll take a week. If so, that’s pretty shameful. A company of Apple’s size/stature shouldn’t take an entire to fix a known bug that concerns privacy.
     
  9. QCassidy352 macrumors G4

    QCassidy352

    Joined:
    Mar 20, 2003
    Location:
    Bay Area
    #9
    Yeah... I'll pass, thanks. Nobody who FaceTimes me is going to try to spy on me, and if they did, I'd see it because it's not like someone can FT you without you knowing about it.

    That said, it's still a good move to take down Group FT until a fix can be issued because the negative publicity from this is already out of control, and Apple is wise to cut it off now.
     
  10. shareef777 Suspended

    shareef777

    Joined:
    Jul 26, 2005
    Location:
    Chicago, IL
    #10
    But they CAN FT you without your knowledge with this bug. All it takes is a couple sec of you missing an incoming call and then it could be listening without your consent.
     
  11. Juan007 macrumors 6502a

    Juan007

    Joined:
    Jun 14, 2010
    #11
    Nice to see Apple take responsibility and look out for their users. Nobody is perfect, everyone makes mistakes.
     
  12. Sevanw Suspended

    Sevanw

    Joined:
    Sep 13, 2014
    #12
    Just non-stop hardware/software issues with this company, yet the diehards still like to chant the mantra of, "it just works." SMH...
     
  13. curmudgeonette macrumors 6502

    Joined:
    Jan 28, 2016
    Location:
    California
    #13
    As I feared, Apple may be relying too much on server side security. This may be fine in a walled garden, but unacceptable out in the wild. Each client device needs to assume the worst and perform its own full security.

    Wonder how long until someone reverse engineers the FaceTime protocol and uses it to directly attack targets? Suspect that such an attack could nearly instantly advance the connection to getting a video snapshot. It could then terminate, wait a few seconds, and then repeat. The result would be stop-action video, but the victim wouldn't notice a continuing connection. All they'd see is that they missed a FaceTime request.
     
  14. Baymowe335 macrumors 68040

    Joined:
    Oct 6, 2017
    #14
    Lol, what are your qualifications to “recommend” that?

    This stuff actually has a silver lining. It wakes up people that need to make sure this crap doesn’t happen. Bad look for Apple and I’m a big Apple defender. This isn’t fix and move on. Someone needs to be fired for it.
     
  15. az431 macrumors 6502a

    az431

    Joined:
    Sep 13, 2008
    Location:
    Portland, OR
    #15
    It’s always possible that there are bugs anywhere in iOS. Why not just disable iOS entirely?
     
  16. I7guy macrumors P6

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #16
    For all we know, Apple with this fix, may be beefing up facetime security.
     
  17. az431 macrumors 6502a

    az431

    Joined:
    Sep 13, 2008
    Location:
    Portland, OR
    #17
    This has nothing to do with “server side security.” Apple disabled a service.
     
  18. Krizoitz macrumors 65816

    Krizoitz

    Joined:
    Apr 26, 2003
    Location:
    Tokyo, Japan
    #18
    I’m a software tester, taking a week is incredibly fast. There is nothing shameful about it. You first have to have the engineers identify the appropriate fix, throwing dozens of people at it isn’t going to help only a handful of people are going to have the expertise in the area to address it and your going to want your highest level engineers on it, meaning even fewer. Once they have identified the source of the bug you have to decide on the fix and actually make it. Then it has to be reviewed to try and avoid other bugs. After that you have to take time to test the fix. Testing involves not just this specific scenario but potentially hundreds of other scenarios involving FaceTime and other features that might be impacted. And you have to do that fixing and testing across the entire line of products, macOS and iOS. That’s also going to take time. Even working around the clock shifts there is only so fast you can move. Plus they are probably going to do some extra testing and around FaceTime to try and catch any other bugs like this. Software development, especially of the scale is hard. There is a reason the people who can do it well make a lot of money.

    What would be shameful is rushing out a quick fix that solves this problem but possibly introduces other ones. Apple has taken the quickest possible step to protect users and now will fix the bug. They did this 100% the right way so far.
     
  19. GetSwole37 macrumors member

    Joined:
    Jun 23, 2010
    #19

    “Someone needs to be fired”. Lol. Only if they put the code in there for this. It’s a bug!
     
  20. DribbleCastle macrumors regular

    DribbleCastle

    Joined:
    Apr 17, 2009
    Location:
    Seattle, WA
    #20
    Better just turn off your phone and cancel your phone service while your at it.
     
  21. Baymowe335 macrumors 68040

    Joined:
    Oct 6, 2017
    #21
    Logical post.

    I bet there are a few people up late at 1 Infinite Loop tonight though, working on just what you’ve described. Tim Cook is likely not far away either and probably isn’t happy.
    --- Post Merged, Jan 28, 2019 ---
    Again, huge Apple defender here. Follow my posts. I’m like one of the few that has some logic to my posts here.

    I work at a mega corporation and this is the kind of stuff that will get people fired, as it should.

    Yes, it’s a bug, but some of them can’t happen. It may be no one’s fault, but that’s too bad. When privacy is a pillar of your company, and I do think Apple is one of the few that actually cares about privacy, this one can’t happen.
     
  22. TVreporter macrumors 6502

    TVreporter

    Joined:
    Mar 11, 2012
    Location:
    Near Toronto
    #22
    The PR machine will be up late tonight too with some great spin lines for Tim to spew tomorrow!

    What a PR disaster - let’s hope this was restricted to Group FaceTime and not something that’s been accessible for longer.
     
  23. sfobear macrumors newbie

    sfobear

    Joined:
    Nov 9, 2011
    Location:
    San Francisco, CA
    #23
    I can totally understand why this was missed in testing. You’re placing a call and then you add your own number to the call...it would never occur to me that I could even try to do that, I’m already “using my line.”

    This is why I respect QA testers—they have devious minds and spend their days thinking of edge cases like this. :)
     
  24. HiRez macrumors 603

    HiRez

    Joined:
    Jan 6, 2004
    Location:
    Western US
    #24
    Exactly, a "workaround" is another way to accomplish the same thing (albeit usually more laboriously). This is just blocking a broken system from being used at all. Which is totally fine and understandable in this case, but please don't call it a "workaround".
     
  25. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #25
    Adding my own number was one of the first things I tried as a beta tester, because I had no one else to test it with.
     

Share This Page