Good thing no one ever calls me, let alone FaceTimes me.
Either way, turned all that **** off.
Either way, turned all that **** off.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Serious FaceTime Bug Lets You Hear a Person's Audio Before They Answer [Update: And See Video]
- Thread starter MacRumors
- Start date
- Sort by reaction score
You don't think anyone being able to remote listen in on your conversations remotely isn't a big deal? Especially considering stukdog's post above, suggesting if you repeat the process you can make the original Facetime request disappear.
Even more worrying than this specific issue - is that if Apple have missed something as major as this; what else have they missed? How many other exploits could be out there?
Am I recalling something incorrectly, but wasn't there some mention of a feature that FaceTime will actually start transmitting your side of things when you are calling so that the recipient can already see you (perhaps even hear you somehow) before they even answer? Sounds a little odd, but I can almost swear I recall this being something that was a new feature or something like that.
Ahh macrumors, make three different stories about a huge issue to spread it out
It's went down hill with Apple and this site for years
Anymore it's just advertising on the front page of macrumors. That's why you see every beta posted on the front page.
You know things are bad when the front page here starts hiding all the problems with beta releases I guess it just works that way.
I thought the whole point with Apple for a decade was that you paid extra so this doesn't happen?
It's went down hill with Apple and this site for years
Anymore it's just advertising on the front page of macrumors. That's why you see every beta posted on the front page.
You know things are bad when the front page here starts hiding all the problems with beta releases I guess it just works that way.
I thought the whole point with Apple for a decade was that you paid extra so this doesn't happen?
So the problems are hidden, yet there are three stories about a problem?
Are you joking? Give me your apple ID, I want to listen to you poop in the bathroom.
What's even more worrying is what did Google, Microsoft or Amazon miss. Yeah, it's a stupid, serious bug that will be addressed pronto by Apple.
This bug is probably showing up because they allow without your knowing in other scenarios
It should never behave this way ever
Not for anything ever except listening for hey siri to do anything else. That's a whole different layer.
But Apple is best with privacy /s
No they are not and likely worse until they have open source software and audits Or do people need examples of Apple flat out lying to customers
[doublepost=1548728898][/doublepost]
Only addressed now that it's in the news. Don't you see a trend yet?
Now that it's news or now that it's known? And is it only being addressed because it's in the news or the news of it being addressed is in the news because Apple needed to address the news but has been working on and planning to release a fix even prior to that?
As far as privacy, there's a difference of having actual features that knowingly impose on it and having an unintentional bug that crafted and issue.
Good Lord Almighty has Apple been effing up all the way around lately!
Wow.
Wow.
Nothing is 100% perfect. However, when a bored taxi driver can hack the phone in a few attempts, QA engineers haven't tried hard enough. Sorry, there should be someone in the company who's trying to hack the interface 8 hours a day.
If I test an email app, I need to try what happens when the From and To addresses are the same, or empty. Similarly, we need to test what happens when we add ourselves into an existing conversation. These are common boundary conditions.
By that logic winning a lottery shouldn't be hard since a random person who just decides to play it one time has been able to win it at one point, then surely plenty of those whi play all kinds of combinations each time would surely win and probably more than once. That certainly holds up.
Terrible.
I’m not a programmer, but I have a hard time understanding how this happened. Is it so complicated (especially for a self-professed privacy-focused company) to program FaceTime so that:
‘if user consent action status (e.g. accepting call) has not been given, then audio and video is never ever sent under any circumstances, overriding any other settings or preferences’
Is that really very hard to program? Genuine question!
I’m not a programmer, but I have a hard time understanding how this happened. Is it so complicated (especially for a self-professed privacy-focused company) to program FaceTime so that:
‘if user consent action status (e.g. accepting call) has not been given, then audio and video is never ever sent under any circumstances, overriding any other settings or preferences’
Is that really very hard to program? Genuine question!
You think the US is behind China with spying? Lol
No they probably just got caught messing up the layer like plain text passwords in Osx.
If it's not open source you have no idea. Encryption doesn't matter on closed source.
How many times does Apple need to lie to customers before you realize?
Man Apple was decent until Woz washed his hands of it all That's when everything began to change No heart anymore, no love, just show and they can't even do the show without Jobs
When you dig into it Apple isn't just emulating the worst from Microsoft. They are setting a new standard
Don't be a fan boy of any company making a profit from you. They will ride that into the ground in spectacular fashion.
Nothing will change until you have open source software that people can see and be able to choose what you want.
A walled garden is the same as a prison You actually think Apple is keeping you safe by saying that you can only use a reskined browser and keyboard
I wish they would open source Osx and ios for people to see. But they are not going to do that are they? Isn't any privacy by a company selling glass as a solid wall. How can you know the difference
We learned all this with Snowden and PRISM
No they probably just got caught messing up the layer like plain text passwords in Osx.
If it's not open source you have no idea. Encryption doesn't matter on closed source.
How many times does Apple need to lie to customers before you realize?
Man Apple was decent until Woz washed his hands of it all That's when everything began to change No heart anymore, no love, just show and they can't even do the show without Jobs
When you dig into it Apple isn't just emulating the worst from Microsoft. They are setting a new standard
Don't be a fan boy of any company making a profit from you. They will ride that into the ground in spectacular fashion.
Nothing will change until you have open source software that people can see and be able to choose what you want.
A walled garden is the same as a prison You actually think Apple is keeping you safe by saying that you can only use a reskined browser and keyboard
I wish they would open source Osx and ios for people to see. But they are not going to do that are they? Isn't any privacy by a company selling glass as a solid wall. How can you know the difference
We learned all this with Snowden and PRISM
Why would a beta tester think to even try this? It’s so simple yet not practical to even do.
So as soon as I don't answer and the call is cancelled because I didn't answer, everything ends right? Like calls going to VM after x rings? It's not like an unlimited spy tool, right?
FaceTime is off until it gets fixed though - not like I get many calls let alone FaceTime calls.
[doublepost=1548731771][/doublepost]
Guess not. Wow.
FaceTime is off until it gets fixed though - not like I get many calls let alone FaceTime calls
.[doublepost=1548731771][/doublepost]
Guess not. Wow.
Seems like they would of had something in place and screwed up the security layer one would normally have.
The question is why they had it in the first place to swap it around so easily with just a bug.
Seems like they had it in place already to relay it to somewhere else. A bug usually breaks it this points to sending it to a third party all the time. Unless they want to explain it which you know they won't.
I'm not a conspiracy guy buy I'd guess it's related to PRISM or whatever they call it now
This kind of stuff don't surprise me that much. As stated earlier in this thread, enough is enough. Since a couple of years, iOS bugs becomes way more frequent than before and takes way too long to be solved. Nowadays, its not rare that you'll see irritating bugs coming out of nowhere during beta test, you report this to Apple, and those bugs are STILL there 3-4 or even more than 5-6 months later.
There's some Accessibility bugs related to smart invert colours they never fixed that are present since iOS 12.0 beta 2, and new ones since 12.1. Apple needs to be way more proactive. Its not serious at all that bugs can last a year without any fix at all.
There's some Accessibility bugs related to smart invert colours they never fixed that are present since iOS 12.0 beta 2, and new ones since 12.1. Apple needs to be way more proactive. Its not serious at all that bugs can last a year without any fix at all.
I am sorry, but you are downplaying a really bad failure in QC in a security relevant iOS core technology, and I can’t by any means understand why you would want to do so.
You might not be a software engineer, but there are enough techniques to prevent these kind if bugs and some are really basic and not even special security related patterns.
This app starts the whole VOIP stack behind an “incoming call” screen. If you don’t understand that this is an application state that should not exist and that managment of application state is crucial for these kind of apps and a proven technique, I won’t be able to explain the engineering problem at hand to you. And that’s still not looking at all the other levels (multi-me in group chat, no physical user interaction check, no hard stop on press of power button) that should have prevented this supergate from happening. None of these checks were in place. This is a huge failure.
You might also agree that the amount of testing and QC that Boeing might put into their product might result in better products and “**** happens” might a more appropriate answer coming from your corner bicycle shop than from a plane company.
“**** happens” is always true, but lacks any insight into proven techniques of how to prevent **** to happen or leak in crucial situations. That said, may your diapers always match your needs.
(There are great patterns in diaper design, btw., that some might not know about and that still make the whole thing much more reliable and safe these days and therefor are standard now in diaper manufacturing.)