Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Serious FaceTime Bug Lets You Hear a Person's Audio Before They Answer [Update: And See Video]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not true. I’m on the new 12.2 beta and I tried it and it worked as noted.
Looks like Apple pushed Chinas iOS update to the states. Woops!
The Verge is reporting you can also get video if they dismiss the call using the power button or touch the volume buttons. https://www.theverge.com/2019/1/28/18201383/apple-facetime-bug-iphone-eavesdrop-listen-in-remote-call-security-issue
Yeah. That mirrors the tone from your first reply, but it still doesn’t make it more than a unreflected “simple truth”. Period.
The processes for hardening security and privacy relevant software is around for several years now and follows certain rules. Simple bugs like that in such a crucial environment only happen if you don’t follow them and don’t have the gates and checks in place on each layer.
Opening a mic on my phone without an interaction on my side should not happen in any case. Starting up the whole VOIP/Facetime stack behind a “Incoming call” window, however, is a totally different thing and should not be possible even with standard software testing.
Apple just lacks any sense for QC recently and seems to run devolopment
like a coding club. Which is nit adequate for a multi billion dollar company.
It's not like even years ago Apple had bugs where whole parts of someone's hard drive were deleted when they tried to login to their computer. Or all kinds of other companies have had all kinds of other rather bad issues here or there.
Bad, bad timing Timmeh: https://twitter.com/tim_cook/status/1090001767780179969 
It sounds like you have software engineering and testing experience that's at a level beyond that of the engineers/scientists/programmers/QC at Apple. Perhaps you can help them out so this never happens again, no matter the conditions? Should be easy, right?
As an aside, can you point to another major OS (or other complex software) that has been bug (simple or otherwise) free.
Yea it is kind of forgive-able that they never checked this one extremely specific GUI action. But why is the core of the system way before we even get to the GUI patched together so poorly that this worked?
Forgive me I am not programmer but you would think the design of the software would be built from the ground up to make something like this nearly impossible (yes I know there is no impossible in software). I would imagine the processes handling the transfer of video/audio would be locked down absolutely unable to proceed without direct user consent. Hell even that direct user consent, "swipe to answer", should be very carefully engineered to ensure there literally was a HUMAN making the motion & not faked by a bot. I always thought Apple had this **** on lock? Is this the revealing moment where we find out Apple security is no better than anyone elses & is literally a misplaced ; away from catastrophe? Am I crazy to think the underlying design should be ensuring this glitch is not possible?
Last edited:
What? Providing someone access to the device's microphone and even the front-facing camera without the user's direct and active consent, especially for someone whom you may not wish to talk to at that moment or ever, is about as serious a bug as it gets.
I think it’s noticed by the community who finds this stuff, but instead of reporting it to Apple, they hold it for clicks.
It'll be fun to hear a compilation of things people say before accepting a call. They can even make it into an exclusive show.
Probably a NSA backdoor feature discovered.
Probably a NSA backdoor feature discovered.
It was quite ok for several years inbetween, though. It got really bad even with the routine stuff recently.
And it’s not like you can’t buy good QC and code hardening these days. You have to actively make it a priority and make space for it in your dev pipeline and wallet, though.
Those aren't really the only things that can qualify something to be seen as "serious" or even "critical".
Sure, and yet even with that something will be off somewhere at some point, even to this degree.
The steps taken to get it to work is not normal and I believe whoever found this held it until just the right moment. Little happen as a coincidence. How many betas did they go through before release? None of the professional beta testers or public testers noticed this? Yeah right.
Especially when trying things that make zero sense. I would never think to add my own number to the call as another person. The software is so complex that it is impossible to catch every possible failure no matter how much testing you do.
Yeah, why do testing at all. Something’s always off.
This bug is something that is obviously preventable with existing coding patterns. The state the app is in should not exist at all and management of app state is a basic software engineering skill without even touching coding techniques for security relevant development.
Again, there's all of that as far as improving things and so forth, but the point still stands that even with all of that perfection is basically something that doesn't exist, and sooner or later something will still surface, and that something could still be rather bad. No one is saying that things couldn't or shouldn't be better, but at the same time it's also not really practical to say that even if things are better that they would be perfect and that something still won't pop up somewhere.
This is pretty bad. Mic access before the connection is made. Maybe for Siri integration to answer hands-free? This is also why I don’t have a smart assistant speaker. I don’t trust that it’s not always listening.