Taking a deposition doesn’t mean he was in court. He could have been in his own office while the person was being deposed. The angle for Apple to take would be to try and prove that he staged the deposition after learning about the bug in order to file a lawsuit. Apple’s failure to deal with this sooner will cost them and ultimately this will be good for the consumer.

He’s making the accusation. Apple just needs to sit and get him to show his ‘evidence’. I’m unsure how he’s going to prove an ‘unknown’ person listened.
 
Apple is more unpolished with its software than I would expect for paying top $ for a phone. That includes at the XR price point too.
This bug is not something one would do unintentionally. You have to know about it in order to exploit it. Bugs like this exist everywhere. The fact that Apple stopped Group FaceTime is a good thing.
Anyone want to start a class action against Apple with the SMS message forwarding unable to reply on another iPhone with the same Apple ID issue? It only happens to the latest iPhone Xs Max, Xs and XR because of the e-sim.
Did you talk to Apple Support about this?
 
Surprising that a lawyer doesn't recognize these four letters -- EULA.

Ironically, crafted by other lawyers to shield software companies from liabilities from bugs in their products.

Like it or not (I don't), that's how the software business works.

I suspect the judge will know what those letters mean, and if not, Apple's lawyers will remind them.
 
I feel like there must be some sort of legal text in the user agreement for FaceTime that protects Apple from this sort of thing. They are simply providing a free service, and if you're using a consumer service like FaceTime during a deposition, that's on you, not Apple.
 
I feel like there must be some sort of legal text in the user agreement for FaceTime that protects Apple from this sort of thing. They are simply providing a free service, and if you're using a consumer service like FaceTime during a deposition, that's on you, not Apple.
I think the point is you wouldn't know that you were being listened to: "a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted." - they evidently (lawyer speak :) were not using FaceTime, but simply declined a call.
I was delighted to hear of group calls with FaceTime after waiting years since I often used this feature in iChat. Let's see how long before they fix it.
 
I am just saying that you would expect better than iOS 11 bugs or FaceTime privacy bugs being caught through internal testing.

It is literally impossible to catch every bug through any kind of internal testing for an application that complex. Catching bugs requires a diverse set of devices and user conditions to be able to trigger enough possible scenarios, and at times are even random. Even with that, 20 years later there could still be undiscovered bugs. After all it took 24 years for the Meltdown and Spectre processor exploits to manifest, and when that happened hundreds of thousands (if not millions) of secure environments were exploitable. Bug fixes are essentially never ending unless support for a version is dropped, and the only reason bug fixes stopped in that case is because they stopped bothering to fix it.

Your expectations exceed reality / are unrealistic.
 
I'm curious if there are other similar bugs that can turn on our cameras and mics without us, the users, realising it
 
That's not the point here, the case is that these insecurity invulnerabilities are happening a lot for a company who prides itself against their competitions of having strong security and privacy measures when in reality they're just like the others and Apple isn't special. This is also the case of most Apple users who keep defending Apple for everything start to see that Apple as a company doesn't really give a damn anymore about the customer and their only caring is the profit from their overpriced gadgets. I can't count the times I've seen people posting the following "Apple's premium is worth because the experience is the best, bug free and privacy controlled" which isn't true and never will.

Everyone is human!
The idea that you can trust any company to be 100% bug free, accident free etc.. is kind of crazy. Not even car companies, airplane builders etc.. are 100% bug free. It's impossible.

The reality is additional features add complexity which increases the vulnerability to bugs. It's impossible to have it any other way apart from to not introduce additional features. That's what finance companies and nuclear power plants do.. not update their stuff!

Apple can't do that otherwise there will be no business.

It's obvious that this bug is there because they added additional callers to FaceTime which meant whatever test frameworks were set up and passed, didn't account for how things work with additional callers properly. But for years this team would never have had to look outside the series of tests they normally use, now they have to and they got caught out. It happens. All you can do is solve it as soon as possible.

And Apple tend not to react immediately to issues like this because alerting more people to an issue like this without having a remedy is asking for trouble. Unless you have a solution or way of managing it what is the point of exacerbating the issue by telling everyone?
 
As long as imperfect people write code, and imperfect people audit said code, bugs of various levels will happen. No way to prevent it.

Apple is not the only company that releases software with bugs.

If they take a week to respond to such a serious issue, there's a problem.
 
On Windows and Android, definitely. On Mac and iOS, probably.

As you said, probably. We can't be sure. And here we're talking about a company that "tricks" users to even sync their document and desktop files to iCloud when they purchase a new computer. MS doesn't do that.
 
MS doesn't do that.

They certainly try to nudge you into it, Windows 10 has been telling me to "protect my data" by using OneDrive quite often on my home-computer.

PS: I do not feel "tricked" by MS or Apple because they ask me to use their cloud-storage
 
As you said, probably. We can't be sure. And here we're talking about a company that "tricks" users to even sync their document and desktop files to iCloud when they purchase a new computer. MS doesn't do that.

You're right MS doesn't trick users to sync their documents and desktop files to iCloud, instead they do it to Azure / OneDrive.

Personally, I'd take a system that is "probably" exploitable in that way, over a system that I already know is definitely exploitable in that way. To put it another way, it's possible macOS and iOS can be exploited that way ... iCloud has nothing to do with that at all, and has no bearing on anything. iCloud's servers are encrypted and in another location, and them being exploitable or not does not affect nor make a difference if the laptop itself is exploitable. Still this is a possibility. Even if iCloud didn't exist the laptop exploit would still be a possibility, neither has anything to do with the other nor is the exploit of one dependent upon or due to another.

It is with absolute certainty that a Windows computer and Android phone can be exploited. Doesn't matter if you use the cloud or not, your files are accessible. Do you think that's better?
 
You're right MS doesn't trick users to sync their documents and desktop files to iCloud, instead they do it to Azure / OneDrive.

Personally, I'd take a system that is "probably" exploitable in that way, over a system that I already know is definitely exploitable in that way. To put it another way, it's possible macOS and iOS can be exploited that way ... iCloud has nothing to do with that at all, and has no bearing on anything. iCloud's servers are encrypted and in another location, and them being exploitable or not does not affect nor make a difference if the laptop itself is exploitable. Still this is a possibility. Even if iCloud didn't exist the laptop exploit would still be a possibility, neither has anything to do with the other nor is the exploit of one dependent upon or due to another.

It is with absolute certainty that a Windows computer and Android phone can be exploited. Doesn't matter if you use the cloud or not, your files are accessible. Do you think that's better?

I don't disagree with you. I'm expressing my concern about Apple's security. I don't know about Azure to be honest.

But going back to encrypted files at rest on iCloud is not enough to me. For some professions files shouldn't be on iCloud! And I happen to know people who didn't realise every document they had was uploaded.

Going back to FaceTime, a convenient solution would be a light next to our camera (as it is on iMac).
 
Going back to FaceTime, a convenient solution would be a light next to our camera (as it is on iMac).

The problem with smartphones is that they are active when you are not looking at them. You could have set your phone to silent/vibrate and just ignored the call, in that case you also won't notice the light next to the camera and people could still have eavesdropped.

Maybe someone will design a sleeve that specifically blocks the microphones when the phone is inside. Would have to be very specific per model though...
 
What was the loss or damage?

Apple almost instantly took down Group FaceTime and I don’t think anyone can demonstrate damages.

Thrown out or minimal impact. Money grab. Next.

You don’t know what loss or damage this guy suffers. You are just guessing about it.

Why are you or anyone so pissed off when someone is suing a multi-billion company? Everyone has the right to sue someone or some company. I don’t see what is wrong with that. It will be decided by the court.
What a money-grabbing parasite. I hope he drowns in the fiery pits of hell.

Why are you so pissed off when someone is suing Apple?

Apple has been sued and lost several court cases before. You never know if this particular guy suffered any loss or damages. You are just guessing.

Were you pissed off for a guy suing or suing Apple?
 
I don't disagree with you. I'm expressing my concern about Apple's security. I don't know about Azure to be honest.

But going back to encrypted files at rest on iCloud is not enough to me. For some professions files shouldn't be on iCloud! And I happen to know people who didn't realise every document they had was uploaded.

Going back to FaceTime, a convenient solution would be a light next to our camera (as it is on iMac).


The FaceTime light was already exploited and disabled. Google, "isight light hack." That has since been patched, but it reflects that even such security measures don't really amount to much. It's because of that almost ten year old exploit that I think it's probable that someone thought of a way around the patch, and never published it.

I think most people are generally better served by a monitored and secured datacenter. Considering that most people have no idea how to secure their computer, or monitor it for intrusions.

Personally, I would rather trust my files in an encrypted datacenter that is almost physically impossible to penetrate, where paid white hat hackers proactively monitor it and patch it 24/7 ... than to think my unmonitored, encrypted laptop is more secure. Granted, a datacenter is a juicier and more obvious target, and my data might be a consequence of someone else's targeting ... but my laptop is significantly more hackable, albeit less targetable (unless I connect to public wifi).

Pros and cons / tradeoffs with each, so it's really a matter of perspective.

But personally, I'm very experienced in professional computer security, and even I don't have the patience to monitor my laptop. With Windows that was a daily task, with macOS's true / pure Unix subsystem I'm less concerned. But even then my laptop is basically empty, and everything is on an encrypted and multi-firewalled NAS, with SELinux secured and encrypted off-site, ssh key only accessible, single point of entry backups. I'm certain my cloud backups are more secure than my NAS. I put significant effort into it because I knew it was in the cloud. That logic is similar in other cloud versus laptop situations, that because it's "the cloud" more effort is put into security.
 
The FaceTime light was already exploited and disabled. Google, "isight light hack." That has since been patched, but it reflects that even such security measures don't really amount to much. It's because of that almost ten year old exploit that I think it's probable that someone thought of a way around the patch, and never published it.

I think most people are generally better served by a monitored and secured datacenter. Considering that most people have no idea how to secure their computer, or monitor it for intrusions.

Personally, I would rather trust my files in an encrypted datacenter that is almost physically impossible to penetrate, where paid white hat hackers proactively monitor it and patch it 24/7 ... than to think my unmonitored, encrypted laptop is more secure. Granted, a datacenter is a juicier and more obvious target, and my data might be a consequence of someone else's targeting ... but my laptop is significantly more hackable, albeit less targetable (unless I connect to public wifi).

Pros and cons / tradeoffs with each, so it's really a matter of perspective.

But personally, I'm very experienced in professional computer security, and even I don't have the patience to monitor my laptop. With Windows that was a daily task, with macOS's true / pure Unix subsystem I'm less concerned. But even then my laptop is basically empty, and everything is on an encrypted and multi-firewalled NAS, with SELinux secured and encrypted off-site, ssh key only accessible, single point of entry backups. I'm certain my cloud backups are more secure than my NAS. I put significant effort into it because I knew it was in the cloud. That logic is similar in other cloud versus laptop situations, that because it's "the cloud" more effort is put into security.

First of all, thanks for explaining a few technical details. I understand your point. I can only speak for myself. I am not as experienced in computer security as yourself but I consider myself above the average user. With macOS 10.13 (I think? :) ) without realising it while installing it, it was preselected to sync everything on cloud. Even if I would like the convenience of having my data on cloud I'm simply not allowed to put medical records online - even if Apple secures my files. I realised that lots of other people didn't realise it as well.

For a company that advocates security so much I would expect something more. As a consumer I can't be specific, like yourself probably, of what I would like Apple to do but right now I don't get the feeling of being as secure with Apple as I would like.

I understand this case with FaceTime is a bug but I'm reading here that Apple was informed soon enough. I remember last year we had similar issues (with password if I remember). Confusing users to sync files on cloud is another problem for some people. Do you believe that Apple could handle privacy a bit better maybe? It's a question that I would like an expert on computer security to answer. I'm always learning something new here :)
 