New York Officials Investigating Apple's FaceTime Eavesdropping Bug

[I7guy]

Here is the link and quote.

https://forums.macrumors.com/thread...for-2019-iphones.2164794/page-4#post-26999753

Just Google how many times Apple has been under investigation worldwide.... Tax evasion...to planned obsolescence to unfair business practices...products being banned from patent infringement
So there must be something to it all. If we apply the same conclusion to all fairly.....
Again....your brand loyalty seems to always give Apple the benefit of the doubt but not others.....

The word “seems” makes the comment an opinion rather than a statement of fact. Thanks for disproving your own point.

As far as tax evasion, it wasn’t apples deal, it was Ireland’s deal. Apple settled anyway as they seemingly had no choice. Not saying apple is 100% always the knight in shining armor, but it “seems” one little convenient word was ignored in this exchange.

Kudos for digging that up though.

 

[nitramluap]

Now that they've disabled Group FaceTime server-side, this just isn't an issue. Anyone concerned about this being a problem *right now* needs to calm down.

And it's such a bizarre edge-case bug I'm not surprised it slipped through, but I find it disturbing that the mother (lawyer, supposedly) & child who discovered this didn't make more of an effort to raise the issue before going public. Twitter posts and emails really aren't the proper way to go about this, especially as they now put people at risk in the window between that point in time and when Apple disabled Group FaceTime server-side.

Quite irresponsible, frankly.

 

[trusso]

Our government has a very different option about that. They thing that they are not just above the law, they are the law.

Indeed.

"We teach them to take their patriotism at second-hand; to shout with the largest crowd without examining into the right or wrong of the matter -- exactly as boys under monarchies are taught and have always been taught. We teach them to regard as traitors, and hold in aversion and contempt, such as do not shout with the crowd, and so here in our democracy we are cheering a thing which of all things is most foreign to it and out of place -- the delivery of our political conscience into somebody else's keeping."

-Mark Twain​

 

[Amazing Iceman]

Too late, Apple. I've already switched to Android where I know my personal information is kept safe!

That was a healthy dose of sarcasm! (wasn’t it?)

 

[thasan]

Oh the big bag profitable company who charges a lot cause they don't sell your info for profit and charges upfront are being investigated lol

Android is free ... yeah.. "free" businesses need to make money, there are no charities.

Are you talking about hardware or software here? iOS is not given away but do you know the “price”? Have you ever seen an expensive android fun with same “charity” functions?
[doublepost=1548914229][/doublepost]

Whatever you say, Apple PR. You're all over this thread. JFL.

I will repeat, “spoiled customers”.

 

[himanshumodi]

New York officials do seem to have a lot of time. It seems totally bizarre that government officials are "investigating" a bug. Sure Apple has had it's share of screw-ups... and good on the commentors for being ruthlessly critical of Apple for that. But officials taking a legal course.. for "slow response"? How about everyone start suing various government officials for their "slow response" on civic matters.

 

[sirexilor]

Investigating over a software bug?

No, investigating Apple slow response.

 

[Khedron]

I think this thing is completely overblown. You have to set up a GROUP FaceTime call then PURPOSELY add your own number. And this only lasts as long as it takes for the other party to pick up the call or for the call to go to voicemail. This is TOTALLY overblown.

Yes and people who want to spy PURPOSELY did those steps, so?

 

[chris1958]

Privacy and security is nothing more than Apple's sales pitch. The sold there customers for 6 billions to Google. So Apple earns a lot of money with their customers data. They make it difficult for security researchers to report bugs.

Mistakes can happen. Sometimes someone at the auto repair shop forgets to fasten the wheels. Oops, another customer lost. Sorry about that, but you get nice stickers, when you bring in your car.

 

[cocky jeremy]

Go away, New York. Bugs happen. Apple was told about it, Apple fixed it.

 

[Fixey]

This bug was well known, as well as the other security bug Apple still needs to address. The security in iOS is a shambles every iOS breaks some form of security in iOS and Apple response silence until someone makes it public knowledge

 

[Marshall73]

Apple get roasted for taking a week to react to a bug yet intel etc got 6 months to TRY to resolve the CPU bugs and took multiple attempts to do so and still haven’t really provided 100% protection against them.
[doublepost=1548937886][/doublepost]

Here is the link and quote.

https://forums.macrumors.com/thread...for-2019-iphones.2164794/page-4#post-26999753

Just Google how many times Apple has been under investigation worldwide.... Tax evasion...to planned obsolescence to unfair business practices...products being banned from patent infringement
So there must be something to it all. If we apply the same conclusion to all fairly.....
Again....your brand loyalty seems to always give Apple the benefit of the doubt but not others.....

If you have hundreds of billions in the bank and if you don’t share billions in donations to government officials and lobbying then you get singled out. Simple as that. Why do you think Microsoft, Google etc get an easier ride? Apple need to grease the wheels more

 

[jamezr]

The word “seems” makes the comment an opinion rather than a statement of fact. Thanks for disproving your own point.

As far as tax evasion, it wasn’t apples deal, it was Ireland’s deal. Apple settled anyway as they seemingly had no choice. Not saying apple is 100% always the knight in shining armor, but it “seems” one little convenient word was ignored in this exchange.

Kudos for digging that up though.

It "seems" like you give Apple a pass but hold others to a higher standard. This "seems" to be you backtracking on every pro Apple stance you have taken.

Then the tax evasion wasn't just with Ireland there were other countries involved around the world. It s
"seems" that fact has escaped you.
In fact I gathered from my Google search that it "seems" Apple has been under more investigations worldwide than Qualcomm. Then it also "seems" that you don't care as Apple gets a pass from you.
Then it "seems" as though this is a prevalent theme with you. Apple gets a pass while others do not.
At least that what it "seems" like anyway.

Then sticking with the thread topic......it "seems" that Apple knew about this security bug but did nothing until the media reported it. Then seemingly Apple disabled the feature with the security bug in it.

 

[kazmac]

Go away, New York. Bugs happen. Apple was told about it, Apple fixed it.

As a New Yorker, may I ask Apple to go away then?

Not about the bug, but Apple’s delay in their response to it.

 

[LordVic]

That is not accurate. It had been over a week since the bug was reported to Apple. However, it had not been over a week since the reporting party went public with it. Apple did disable the feature within a day of it being made public.

the way you're phrasing that makes it sound even worse than if you didn't say anything at all though.

if Apple literally discovered it when the news broke and then took immediate action, that's a defensible position.

But your argument is that Apple knew for over a week and then only responded once it became public.

That argument means that Apple was maliciously compliant in with holding security fix to users until public demanded it. That's a TERRIBLE approach. Once apple learned of the bug they should have taken steps immediately to block it and then publicly announce it themselves. Not wait 1 week for the media to blow up before doing anything about it.


However, a lawsuit? Really? I'm not sure this lawsuit is going to be overly successful. There's no way Apple intentionally created this bug. Bugs happen in all software. If you start suing just cause of existence of a bug, software dev's are going to stop / slow down their innovation in fear of lawsuits on every turn.

if these people who are suing cannot show that there's direct monetary damages due to this bug, I think they're barking up the wrong tree.


But at the same time, lets not beat around the bush and make excuses for yet another crappy unethical response by Apple's head honchos.
[doublepost=1548940833][/doublepost]

It "seems" like you give Apple a pass but hold others to a higher standard. This "seems" to be you backtracking on every pro Apple stance you have taken.

Then the tax evasion wasn't just with Ireland there were other countries involved around the world. It s
"seems" that fact has escaped you.
In fact I gathered from my Google search that it "seems" Apple has been under more investigations worldwide than Qualcomm. Then it also "seems" that you don't care as Apple gets a pass from you.
Then it "seems" as though this is a prevalent theme with you. Apple gets a pass while others do not.
At least that what it "seems" like anyway.

Then sticking with the thread topic......it "seems" that Apple knew about this security bug but did nothing until the media reported it. Then seemingly Apple disabled the feature with the security bug in it.

friend, you need to learn how to just use the ignore feature for specific users.

 

[macsrcool1234]

Are you talking about hardware or software here? iOS is not given away but do you know the “price”? Have you ever seen an expensive android fun with same “charity” functions?
[doublepost=1548914229][/doublepost]
I will repeat, “spoiled customers”.

How spoiled of me to not want my phone able to be wiretapped by anyone /s

Try again.

 

[cmaier]

This bug was well known, as well as the other security bug Apple still needs to address. The security in iOS is a shambles every iOS breaks some form of security in iOS and Apple response silence until someone makes it public knowledge

Do you have any evidence the bug was well known? The only documentation of the bug prior to the public reveal appears to be from the one week earlier.

 

[Marekul]

Now that they've disabled Group FaceTime server-side, this just isn't an issue. Anyone concerned about this being a problem *right now* needs to calm down.

And it's such a bizarre edge-case bug I'm not surprised it slipped through, but I find it disturbing that the mother (lawyer, supposedly) & child who discovered this didn't make more of an effort to raise the issue before going public. Twitter posts and emails really aren't the proper way to go about this, especially as they now put people at risk in the window between that point in time and when Apple disabled Group FaceTime server-side.

Quite irresponsible, frankly.

You can not blame a random kid and his mom for not having a volunerability disclosure protocol.

But apple should have protocols for when security volunerabilities are reported through whatever channel. Mom and kid did exeptionally good as laymen, apple just completly failed.

Even a pro would have disclosed the volunerability much sooner than usual grace periods considering it is so easy to reproduce and used in the wild.

https://www.hackerone.com/disclosure-guidelines
protective disclosure: If the Security Team has evidence of active exploitation or imminent public harm, they may immediately provide remediation details to the public so that users can take protective action.

 

[jamezr]

You can not blame a random kid and his mom for not having a volunerability disclosure protocol.

But apple should have protocols for when security volunerabilities are reported through whatever channel. Mom and kid did exeptionally good as laymen, apple just completly failed.

Even a pro would have disclosed the volunerability much sooner than usual grace periods considering it is so easy to reproduce and used in the wild.

https://www.hackerone.com/disclosure-guidelines
protective disclosure: If the Security Team has evidence of active exploitation or imminent public harm, they may immediately provide remediation details to the public so that users can take protective action.

Then there is the issue of QA and testing.....why wasn't this discovered during all the testing? They have teams that go through immense testing protocols to ensure this doesn't happen.
Some bugs do happen and slip through the cracks. But this one seems to be very easily reproduced.

 

[koa]

Clash of the Big Apples.

 

[I7guy]

It "seems" like you give Apple a pass but hold others to a higher standard. This "seems" to be you backtracking on every pro Apple stance you have taken.

Then the tax evasion wasn't just with Ireland there were other countries involved around the world. It s
"seems" that fact has escaped you.
In fact I gathered from my Google search that it "seems" Apple has been under more investigations worldwide than Qualcomm. Then it also "seems" that you don't care as Apple gets a pass from you.
Then it "seems" as though this is a prevalent theme with you. Apple gets a pass while others do not.
At least that what it "seems" like anyway.

Then sticking with the thread topic......it "seems" that Apple knew about this security bug but did nothing until the media reported it. Then seemingly Apple disabled the feature with the security bug in it.

It “seems” where there is smoke there is fire. Qualcomm is under investigation and “seemingly” for good reason. Apple has never been convicted of tax evasion, even after the investigation. My guess, they are way too smart for that, even if the EU didn’t like the deals.

Apple under investigation in NY we dont know why; maybe some NY senators are bored.

Then sticking with the thread topic, it “seems” Apple did know about this prior to when the story broke. The rest is conjecture. Maybe NY will force the truth out of them, which may or may not be revealing.

 

[Marekul]

Then there is the issue of QA and testing.....why wasn't this discovered during all the testing? They have teams that go through immense testing protocols to ensure this doesn't happen.
Some bugs do happen and slip through the cracks. But this one seems to be very easily reproduced.

The biggest question is why is it possible to remotely initiate a encrypted mic and camera feed? Hard to imagine this is not a hidden feature that got exposed. I mean the whole design should be layed out from ground up that exactly this thing is not possible.
Or I give them too much credit and the apple is really that rotten?

 

[Dave-Z]

It always makes me feel better, as a software engineer, when someone like Apple f's up like this. Reminds me that even the guys at the top of their game are capable of howlers like this one too.

I get what you're saying, and mostly agree. But given what I've seen in macOS and iOS as of late, I would not say Apple engineers are at the top.
[doublepost=1548954937][/doublepost]

They first officially heard about it Monday and killed it off Monday. People act like Apple sat on this for months or something.

Reports seem to suggest it was reported a week prior. It would seem a breakdown in processes contributed to the delayed reaction. That breakdown is still on Apple though.

 

[jamezr]

It “seems” where there is smoke there is fire. Qualcomm is under investigation and “seemingly” for good reason. Apple has never been convicted of tax evasion, even after the investigation. My guess, they are way too smart for that, even if the EU didn’t like the deals.

Apple under investigation in NY we dont know why; maybe some NY senators are bored.

Then sticking with the thread topic, it “seems” Apple did know about this prior to when the story broke. The rest is conjecture. Maybe NY will force the truth out of them, which may or may not be revealing.

Hmmm so it “seems” where there is smoke there is fire for Qualcomm when they are investigated. But it “seems” where there is smoke there is fire to not be the case when Apple is investigated....Gotcha...it's clearer now

 

[twistedpixel8]

But you loose voice when you start video feed, it’s not a “too”. An either or.

Oh, well that makes it alright then...