
Awesom-0

macrumors regular
Oct 10, 2017
113
127
I was referring to this Facetime bug. The fact that Heartbleed was patched in 6 days is something to cheer for? Why can't Apple patch this this week?
A mod is merging things now so I dunno lol. That and I get a text input error here. Also why I am missing periods and other things :)
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,390
19,458
You mean what was patched in 6 days? And instantly as an individual.
So open source is the way to go to avoid issues of this kind or really any issues supposedly because open source software wouldn't have something on this level. But then when it's pointed out that it can and in fact has we move to that it was patched quickly vs. that it supposedly can't have issues and would be the solution to all these problems. Inconsistencies like that demonstrate the underlying reality that in theory things can be made almost perfect, but in reality that isn't achievable, and even if it gets close, it's still not perfect and can still have issues nonetheless.
 

Ethosik

Contributor
Oct 21, 2009
7,797
6,715
I think the main thing to keep in mind is open source CAN be scrutinized by the public. I agree that does not mean issues fixed overnight, but it means an ongoing review by third parties. MUCH better than the current closed doors system where maybe one day a glitch reveals something crazy & it hits headlines, kind of like what is going on right now. Open source system we would all be saying "oh yes indeed the spying mechanism is getting in the way, of course we knew that, tsk tsk who programmed that in there what a pain". It would be obvious and transparent & we would work around it because of that. Vs this closed door system it is a never ending battle & we the consumer are the loser.

THAT is why open source is a better, more secure system. I have also had the "world is open source" dreams, in theory it would be ideal in every way. But capitalism is also a powerful force.

How come the Heartbleed vulnerability was not discovered by the OpenSSL code directly then? It was discovered by a firm intentionally hacking themselves instead of reading the OpenSSL code.

That is my point. People like to think being open source is this holy grail of bug free software when it is not.
 

Awesom-0

macrumors regular
Oct 10, 2017
113
127
I think the main thing to keep in mind is open source CAN be scrutinized by the public. I agree that does not mean issues fixed overnight, but it means an ongoing review by third parties. MUCH better than the current closed doors system where maybe one day a glitch reveals something crazy & it hits headlines, kind of like what is going on right now. Open source system we would all be saying "oh yes indeed the spying mechanism is getting in the way, of course we knew that, tsk tsk who programmed that in there what a pain". It would be obvious and transparent & we would work around it because of that. Vs this closed door system it is a never ending battle & we the consumer are the loser.

THAT is why open source is a better, more secure system. I have also had the "world is open source" dreams, in theory it would be ideal in every way. But capitalism is also a powerful force.
And you can install things when you choose on possibly more stable builds that have been audited.

Anymore I don't want more features. I want stable and secure and I want less updates if what I have is proven stable and secure.

Operating systems and even mobile hardware now is mature and can last a long time.

I have an S6 laying in the corner but it's missing security updates and I'm not happy about that. When it has a beautiful screen and it's plenty fast. Battery is junk now but I'd replace it if it was just secure to the known stuff.

But it makes a nice remote with the IR blaster lol.
 
  • Like
Reactions: Kes.Siebring

Ethosik

Contributor
Oct 21, 2009
7,797
6,715
And you can install things when you choose on possibly more stable builds that have been audited.

Anymore I don't want more features. I want stable and secure and I want less updates if what I have is proven stable and secure.

Operating systems and even mobile hardware now is mature and can last a long time.

I have an S6 laying in the corner but it's missing security updates and I'm not happy about that. When it has a beautiful screen and it's plenty fast. Battery is junk now but I'd replace it if it was just secure to the known stuff.

But it makes a nice remote with the IR blaster lol.

I agree with that. I want another Windows 7. Something that takes years to develop and is solid. Not this Windows 10 mess where it is a gamble as to what bug will be next in 1903. Same with Apple and every software too. Including video games. I now mostly prefer indie games these days due to massive bugs in the first few weeks of a game's release :(
 

applefan69

macrumors 6502a
Oct 9, 2007
663
148
How come the Heartbleed vulnerability was not discovered by the OpenSSL code directly then? It was discovered by a firm intentionally hacking themselves instead of reading the OpenSSL code.

That is my point. People like to think being open source is this holy grail of bug free software when it is not.

Agreed the SSL failure was a significant realization for the open source community even their system was not perfect. Maybe group think was an issue. Perhaps there was something sinister. Or probably just **** happens.

I will also agree a close door system by a supposedly trusted corporation with financial interests in their success should make good results. Unfortunately we are now becoming suspicious it is no longer that simple. Am I paranoid, does not seem to just be me?
 

Awesom-0

macrumors regular
Oct 10, 2017
113
127
How come the Heartbleed vulnerability was not discovered by the OpenSSL code directly then? It was discovered by a firm intentionally hacking themselves instead of reading the OpenSSL code.

That is my point. People like to think being open source is this holy grail of bug free software when it is not.
I forget why in detail but if I remember right everyone just thought it was fine so no one really looked. Didn't it affect everything that was nix and almost Unix or it did that also and OS X?

I forget but it even affected Android if you used SSH. It exposed a problem with people reviewing open source and really helped correct that. If I remember people just overlooked it and probably something else I don't remember.

Open source isn't perfect but it's better than for example the history of windows. No one is safe but the point is that the most secure is the one you can see and fix. At the same time with your code out there you may not be safe at first because of it.

I'd rather everyone see my OS and hope that people who know way more than me can fix it. Compared to someone like my own government or another who pays people to do so.

You have to hope that man is better than the money. But at the same time that's why you have the white hat contests and bug bounties. Pay them for their work to expose weird vulnerabilities.

I also worked in a couple of games one for the advertising company in second life. It was hilarious with some of the bugs/exploits.

Back then I had to use them from griefers. It would make a good story now and I got to know many of the lindens. I was banned more than a 100 times and they tried hardware bans as well.

Now I want to go back thinking about it lol. Nothing more satisfying than making a gm relog when they are wrong.

I'm probably losing focus on the subject again but it was fun there for a few years.
I think his point is the FaceTime bug may be patched faster than that
Well I hope so. Wasn't that only for su and not having a different password or did I forget? I think part of it was the default set at the beginning when you enabled su.
Agreed the SSL failure was a significant realization for the open source community even their system was not perfect. Maybe group think was an issue. Perhaps there was something sinister. Or probably just **** happens.

I will also agree a close door system by a supposedly trusted corporation with financial interests in their success should make good results. Unfortunately we are now becoming suspicious it is no longer that simple. Am I paranoid, does not seem to just be me?
I don't think it's paranoid on an important system. I don't think many view mobile as that important when it might be one of the most important now as an individual.

And Intel's memory management crap with Spectre and all that. Also the EFI issues now with things you can't remove.

We are so caught up in making things easier and make it less secure.

Last time I set up really secure chat and email I just stopped using it because it's a pain.

Then all of it goes out the window when I send the key to someone outside of it, which you have to to start lol.

Software hurts my head and that's why I am a mechanical engineer. Give me tolerances and a problem on something physical and I got it.

Can edit code to make things work how they are supposed to but I'm not making anything from the ground up. But if you need a measurement and piece of metal be exact to 0.001 I got you covered lol.
So open source is the way to go to avoid issues of this kind or really any issues supposedly because open source software wouldn't have something on this level. But then when it's pointed out that it can and in fact has we move to that it was patched quickly vs. that it supposedly can't have issues and would be the solution to all these problems. Inconsistencies like that demonstrate the underlying reality that in theory things can be made almost perfect, but in reality that isn't achievable, and even if it gets close, it's still not perfect and can still have issues nonetheless.
Some issues also lie in hardware more or less like Spectre and Meltdown. For now it seems like we need updates until we throw all that stuff away. And I don't know when Intel is going to actually fix it. I have not kept up with it.

Another huge mess especially for servers running VMs.
Nice to see actual discussion here from all of you still talking about this.

It was enjoyable compared to what I normally see.

I'm gonna get to bed but I do appreciate actual conversation and not the usual Android/Windows bad I see here anymore.

Might be interesting how Apple handles this and if they say anything.

I do hope they are the ones to introduce a cross platform end to end encryption that is open source. They could be the ones to make a standard instead of yet another.
 

usarioclave

macrumors 65816
Sep 26, 2003
1,447
1,506
Open source can be looked at for security issues. However, that doesn't happen automagically, and there are a tremendous amount of issues with the idea, conceptually speaking.

First, you need to understand what the software is supposed to do, what it does, and how it interacts with whatever it interacts with. Then you have to understand the codebase. Then you have to figure out how to break/exploit it.

This usually requires time, effort, and skill. Most people with all three have real jobs and not a lot of free time.
 

femike

macrumors 6502a
Oct 15, 2011
946
1,730
Ooops NSA technical surveillance feature set accidentally exposed. Bugfix will fix it soon.

People shouldn't laugh at this. It shows how easy it is for the authorities to implant a bug. It has been used. All this is one of the reasons that the US want Huawei to go away, because it reduces the US's ability for espionage and planting of backdoors.
 

StellarVixen

macrumors 68040
Mar 1, 2018
3,177
5,637
Somewhere between 0 and 1
Imagine this situation:

*FaceTime rings*

Person 1: "Oh, my, it's that idiot, again! I can't speak with that fool, I am not in the mood."

Person 1: "Actually, let's see what he wants..."

Person 1: "Oh, hi my friend. I was just thinking about you, and..."

Person 2: "F off!"


*call ends*
 
  • Like
Reactions: MultiMan

coolfactor

macrumors 604
Jul 29, 2002
7,062
9,730
Vancouver, BC
I haven't read every comment, but if it's true that:

  1. The latest beta does not exhibit the problem
... then Apple is reasonably guilty of being aware of this issue, but not taking action to protect users until they got media attention. Disabling server-side is their attempt at looking like they didn't know, but then why is it fixed in the latest beta?

Correct me if I'm wrong.

I'm an Apple fanboy, but I won't ignore the truth. Was Apple aware of this before it was discovered in the wild?

Now, as an engineer, I can understand how this bug could have happened. Group FaceTime is a session-based system. Obviously, when adding your own number, it sends a signal to all participants (joined or not) that a party has joined, when the person in that signal was the originator of the call to begin with.

That's a logic error, and engineers should have tested this scenario early, regardless of whether people would do this in the real world or not.
 
  • Like
Reactions: AlumaMac

drewyboy

macrumors 65816
Jan 27, 2005
1,385
1,467
Terrible.

I’m not a programmer, but I have a hard time understanding how this happened. Is it so complicated (especially for a self-professed privacy-focused company) to program FaceTime so that:

‘if user consent action status (e.g. accepting call) has not been given, then audio and video is never ever sent under any circumstances, overriding any other settings or preferences’

Is that really very hard to program? Genuine question!

No.

But on your Mac when the green LED camera indicator isn’t hardwired to the camera power, it makes you start to wonder.
 
  • Like
Reactions: sero

JosephAW

macrumors 603
May 14, 2012
5,962
7,915
The real question is how long did Apple know about this and just keep putting the fix off.
 

Xenious

macrumors 6502a
Mar 22, 2004
685
46
Texas, USA
What's funny is the people saying how this is horrible and we should punish those responsible. I don't know how every combination of FaceTime is tested but how many people think, you know what, I'm going to make a FaceTime call and I bet if I add myself (via my phone number) to a group call along with myself already there and the other person I'll be able to hear what they say without them accepting the call!

I get that the main fix is prohibiting transmission of audio/video until a call is accepted.
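
Added example, not part of any post in this thread and not Apple's code: a toy model of the callee's side of a group call, contrasting the logic error described earlier in the thread (a "party has joined" signal treated as a live call) with the fix mentioned above (no audio or video until the call is accepted). The class, method and event names are assumptions made for illustration.

```python
from enum import Enum, auto

class CallState(Enum):
    RINGING = auto()
    ACCEPTED = auto()
    ENDED = auto()

class CalleeSession:
    """Callee side of a group call. Toy model; all names are hypothetical."""

    def __init__(self, gate_on_consent):
        self.gate_on_consent = gate_on_consent
        self.state = CallState.RINGING
        self.participants = set()
        self.session_active = False  # driven by signalling, i.e. remote input

    def on_participant_joined(self, participant_id):
        # Arrives from the network, so the other side controls when it fires.
        self.participants.add(participant_id)
        self.session_active = True

    def on_local_accept(self):
        # Only the local user's action moves RINGING -> ACCEPTED.
        if self.state is CallState.RINGING:
            self.state = CallState.ACCEPTED

    def on_end(self):
        self.state = CallState.ENDED
        self.session_active = False

    def may_send_media(self):
        if self.gate_on_consent:
            # Consent overrides everything else: no accept, no audio or video.
            return self.state is CallState.ACCEPTED
        # Flawed variant: "a party joined" is read as "the call is live".
        return self.session_active

def replay(gate_on_consent, events):
    """Apply events in order; return may_send_media() after each one."""
    session = CalleeSession(gate_on_consent)
    handlers = {
        "joined": session.on_participant_joined,
        "accept": lambda _arg: session.on_local_accept(),
        "end": lambda _arg: session.on_end(),
    }
    trace = []
    for name, arg in events:
        handlers[name](arg)
        trace.append(session.may_send_media())
    return trace

# Constructed event sequences (not captured traffic).
UNANSWERED = [("joined", "caller"), ("joined", "caller"), ("end", None)]
ANSWERED = [("joined", "caller"), ("accept", None), ("end", None)]
```

With the gate on, the unanswered sequence never permits media, while the flawed variant permits it from the first join signal; an answered call behaves the same after accept in both.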
 

brian3uk

macrumors 6502
Sep 15, 2016
393
1,362
I sound like a broken record lately but, Apple needs to separate their apps from the OS so they can be updated more often, and they really need to get their software issues under control. The last few years of Apple software have been nothing but disappointment.
 

Halfsnap

macrumors member
Jan 4, 2019
44
113
AZ
You may not understand that despite loads of QC, beta testings, etc, software bugs still manage to slip through under the right set of conditions and circumstances. Especially with respect to complex software.

I've yet to see 100% perfection. From anyone.


I agree with your statement, except Apple charges a premium over other manufacturers, and constantly brags about perfection... thus making this unacceptable and inexcusable.
 

sumsingwong

macrumors 6502a
Dec 15, 2012
771
368
Can you imagine? Putting your iPhone on a charging stand bedside and enabling DND because you and your girl about to get freaky. Someone call you up and use this exploit to see what you’re doing but you won’t know because it’s on DND. Then they screen record you and your girls performance. Yikes!
 

citysnaps

macrumors G4
Oct 10, 2011
11,884
25,799
I agree with your statement, except Apple charges a premium over other manufacturers, and constantly brags about perfection... thus making this unacceptable and inexcusable.

Perhaps you can supply a link where Apple brags about their large array of software (OSs, apps, etc) being 100% bug-free?

Thanks.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,390
19,458
Can you imagine? Putting your iPhone on a charging stand bedside and enabling DND because you and your girl about to get freaky. Someone call you up and use this exploit to see what you’re doing but you won’t know because it’s on DND. Then they screen record you and your girls performance. Yikes!
Does it work like that?
 
  • Like
Reactions: BigMcGuire

BigMcGuire

Cancelled
Jan 10, 2012
9,832
14,025
Does it work like that?

Agreed, someone didn't read (person you quoted)... For the video to work you have to hit the power button during a FaceTime call for video to activate. If a phone is left on the charging stand, the only thing that could happen is audio, but now that has been prevented due to Apple turning off group FaceTime.

Then again, if I'm trying to get attention it is better not to post facts, so I apologize. :)
 

QCassidy352

macrumors G5
Mar 20, 2003
12,028
6,036
Bay Area
Imagine this situation:

*FaceTime rings*

Person 1: "Oh, my, it's that idiot, again! I can't speak with that fool, I am not in the mood."

Person 1: "Actually, let's see what he wants..."

Person 1: "Oh, hi my friend. I was just thinking about you, and..."

Person 2: "F off!"


*call ends*
Your scenario isn't going to happen unless "Person 2" is trying to spy on "Person 1" because this only happens (happened, before Apple disabled group FT) with group FT. There's an exploit wherein the caller adds themself as the "third party," tricking FT into thinking a 2-way call is a 3-way call, but that's obviously a deliberate action by the caller to spy on the target.

I guess it could happen (could have happened) if Person 1 and Person 2 initiate a call with Person 3, who makes annoyed comments, but not in a two-way call, unless there's an intent to spy.
 