FaceTime for Mac Beta Opens Up Security Hole to Allow for Compromised Apple IDs

[amanset]

Wow, fail! I'm glad I think Facetime is worthless and will never use it...

I installed it out of curiosity, found out I have no use for it and now want to uninstall it. Normally I'd just remove the .app file but with it listening for connections without the .app running, I can't help but feel that there is something else that has to go.

Anyone know how to do a proper uninstall?

 

[Oothoon]

Oh boo hoo hoo...its a beta test.

Couldn't agree with you more. Sorry Ladies & Gentlemen, this is a non-issue as far as I'm concerned and the very reason why there are Beta Tests like this -- to get feedback regarding what needs to be corrected, changed, etc., etc..

 

[HLdan]

While it's no excuse for lax programming, this is BETA software and is therefore bound to contain issues such as this.

I hope they filed a bug report with Apple...

I disagree, on some level people need to take responsibility for their private stuff. Take that back, on ALL levels people do. It's your responsibility to protect your computer from prying eyes, not Apple's, not Microsoft's not anyone but you. You need to run to the bathroom? Lock your computer.

 

[benhollberg]

I just tried this and it didn't do anything, I clicked "View Account" then it went to the next page and then immediately went back. It looks to me like it has been fixed and not too big of an issue anymore.

 

[RodThePlod]

I also discovered, if you give someone physical access to your machine, it's possible for them to delete all your files and render the OS unbootable! And if they happened to bring their own USB key or blank disc, they could make copies of ALL your personal information!!

O.M.G!!!

I'm going back to Windows!

Oh, wait...

 

[Surely]

Beta.


On the plus side, no problem for me...... I'm not able to sign in for some reason.

 

[7o7munoz7o7]

Sooo.....should mail be encrypted anytime you are not using it...because if someone has physical access to your computer, and mail is open...oh snaps...they can get your mail!!! this is another non-issue that people try to blow up to make Apple look bad...calm down people
FTW

 

[elmo151]

I did the obvious...signed off...and deleted the app using iTrash.

I expect these problems will be resolved when the app gets out of beta. I'll reinstall at that time.

 

[KnightWRX]

Beta means feature complete. Privacy exposing features are not what I call complete.

This is an omission and requires a fix.

 

[samcraig]

The software is in beta - clearly things need to be ironed out. But a few comments

1. If this were a microsoft windows issue - Apple fanatics on this board would be having a FIELD DAY with it. But I guess since it's Apple its not that big of a deal

2. For those stating it's a non issue because the bigger issue is people who have access to your computer are forgetting one thing. This isn't just about people having access to your computer. There are plenty of mac workstations where people access macs that are NOT theirs - and if they choose to use this beta (or if the real version isn't fixed) then it IS a BIG security risk.

 

[rfahey]

Even if they couldn't view this information in the FaceTime app, they could on that "Passwords" file on your desktop.

so there.

 

[tempusfugit]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8B117)

Wow so if I let someone I don't trust use my computer my information might be at risk? Glad I know so I don't fall for THAT trap......

 

[RodThePlod]

I disagree, on some level people need to take responsibility for their private stuff. Take that back, on ALL levels people do. It's your responsibility to protect your computer from prying eyes, not Apple's, not Microsoft's not anyone but you. You need to run to the bathroom? Lock your computer.

I agree with you. So I'm not sure why you disagree with me

 

[Carlanga]

I noticed this yesterday and got me thinking about it myself

 

[Daiden]

I cannot emphasis this most of all. Security is never uncompromisable or unbeatable. There are two vectors of attack that you can pretty much never guard against. The first is an ignorant user who blindly does things they don't understand. The second is someone getting physical access to your device.

If someone can achieve (or compromise) just one of these vectors, it's game over any anything is possible.

This is true. It is incredibly easy to change an administrator password if someone has physical access to your mac (it's done in about 3 lines of code). Good rule of thumb: only let people you trust use your computer.

 

[NinjaHERO]

That's funny. I am sure Apple will fix it rapidly.

 

[samcraig]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8B117)

Wow so if I let someone I don't trust use my computer my information might be at risk? Glad I know so I don't fall for THAT trap......

mmmmhm. I agree.

Now what about public computers that people might sign onto facetime to chat on where it would be an issue?

 

[satkin2]

If you choose to use a beta version then you should know that you're opening yourself up to potential risks

 

[samcraig]

If you choose to use a beta version then you should know that you're opening yourself up to potential risks

I agree. But not everyone in the general public understands what beta means. Many people will visit the apple site and go "oh - cool I can facetime from my computer now" It doesn't give any warnings before downloading.

Just saying. It's easy to judge since we tend to be more savvy

 

[skeep5]

but did i mention its awesome?

 

[WestonHarvey1]

Beta or not, how does this fit any reasonable definition of security flaw?

Where's the flaw?

 

[ks-man]

Wait, so if I'm doing a FaceTime with my mom she can actually change my AppleID password??? She also can find out my date of birth??? Or figure out the answer to my security question of what the name of my first pet was????? I certainly better not change my password question to my mother's maiden name as that is where I draw the line on what she shouldn't be able to see. Please don't anyone tell my mom that she has access to this.

And if I get that anonymous facetime request for a chat I'll make sure to accept it so Mr. Random bad guy can get my information and then I'll blame Apple for the security hole We all have been trained not to click on a link in an e-mail from someone we don't know, but we are concerned about accepting video chats

Moving on.

 

[Moomba]

lol...such a non-story! When it comes to physical access to a system ALL bets are off. If someone has access to your system there's very little they can't do given the time. This really isn't worthy of being on the main page except to spread FUD.

 

[Xian Zhu Xuande]

1. If this were a microsoft windows issue - Apple fanatics on this board would be having a FIELD DAY with it. But I guess since it's Apple its not that big of a deal

I doubt it would even be news.

Well, it would be since this is a relatively new thing.

And someone above commented on the cavalier attitude toward this. I would be more concerned if this were not beta software, or if it were being distributed on new Macs. As it stands, people downloading this will generally be the sort who are curious in new beta technologies and most will be technically proficient themselves. And those that aren't technically proficient probably aren't securing their important information on their computer anyway...

If Apple doesn't fix it and doesn't care, then it will be an issue.

 

[tempusfugit]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8B117)

but did i mention its awesome?

I agree. For a beta this app works extremely well and reliably. Even on my older machines. This will be great especially when windows users get a version too. I wouldn't be surprised if FaceTime really took off eventually as a cross platform standard for video chat.

Zero configuration is a major win if you want a lot of people to adopt.