Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,619
38,026



There's a major issue affecting FaceTime right now, which all MacRumors readers should be aware of. A bug with Group FaceTime can let someone force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's video and audio even when you don't accept the FaceTime call.

In the video below, we demonstrate how the bug works. We do not condone MacRumors readers invading peoples' privacy, and these video is meant to make it clear how simple it is to exploit this bug to emphasize its seriousness.


As outlined in our original post on the issue, this FaceTime bug is very easy to exploit. All someone needs to do is call you and then add their own number to the FaceTime call to force a connection with you.

From there, they can hear your audio, even though on your end, it looks like the call wasn't accepted yet. If you hit the power button to make the call go away, it gives the person on the other end access to your camera. This bug can be initiated on an iPhone and it affects iOS and macOS devices running current software, including iOS 12.2.

This is a huge privacy issue and while Apple says a fix is coming "later this week," iPhone and Mac users concerned about spying should turn off FaceTime all together. Enabling Do Not Disturb also appears to work as a preventative measure.

Update: Apple appears to have temporarily addressed the issue by disabling Group FaceTime calls server side. On Apple's System Status page, Group FaceTime is listed as unavailable.

Article Link: FaceTime Bug That Lets People Spy on Others Demoed in Video [Updated]
 
>Huge FaceTime security bug
>Let's show the broad public step by step how to do it as "a preventive measure"

Or just tell people what happens and what to do until there's a fix. Stupid.
 
Why show a video of how to replicate this issue? Why is that necessary? We’re already aware of the problem; no need to show people how to replicate it. This is a security and a privacy problem.

It's not meant to be an instructional video, it's to show people who aren't aware how easy it is to exploit so they can understand the seriousness and disable FaceTime. Anyone who wanted to exploit it could easily find the steps on virtually any other site because it's absolutely everywhere now. There's no hiding the execution of a bug like this. Might as well spread awareness so MR readers can be safe.
 
Seems almost deliberate in the iOS. Making the power button activate video would be somewhat expected action of someone on other end to lock their screen or end task.
 
The next phone I buy will have a LED next to the camera that lets you know it is active.
 
I thought he was going to tell us how to mute audio while a FaceTime connection was in progress.
 
It's a bug. Not exactly an earth shattering one like the chip design flaws from last year. A software bug. It'll be fixed. Calm down. Return to your previously planned activities.

It’s concerning to me that bugs of this severity not only occur but do so with some degree of frequency. They are not merely software bugs to calm down about. MacRumors describes it as serious. Every iPhone unlock or remote access/control exploit is a major failure.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.