Apple has acknowledged a flaw in its FaceTime software that allowed for brief eavesdropping – even if the recipient did not pick up. In some cases the target iPhone could send video without the receiver’s knowledge.
The company said it had developed a fix and an update would be rolled out this week. In the meantime, Apple’s status page shows it has disabled the ability for users to make group calls on FaceTime.
The flaw, first revealed by the 9to5Mac blog, appears to occur when both users are running version 12.1 of Apple’s mobile operating system iOS, or newer. It also affects Mac users when they are called from an iPhone.
The technique involves using the software’s group chat function, apparently confusing the software into activating the target’s microphone, even if the call has not been accepted.
The eavesdropping ends when the call is cut after too many rings.
‘National Privacy Day’
In addition to audio, 9to5Mac reported that pressing buttons to block the call or turn off the device would result in video being sent to the call-maker, without the recipient’s knowledge.
In a statement, Apple told journalists: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
On social media, concerned users – including Twitter chief executive Jack Dorsey – suggested disabling the FaceTime function altogether, which can be done via the device’s settings menu.
Discovery of the flaw coincided with National Privacy Day in the US, a day heralded by Apple boss Tim Cook. “On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections,” he wrote on Twitter.
“The dangers are real and the consequences are too important.”
New York governor Andrew Cuomo advised his city’s residents “to disable their FaceTime app until a fix is made available”.
He said: “The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk.
“In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes.”
Apple also made a big play of its privacy credentials at the recent CES tech expo in Las Vegas.
The company did not attend but placed a billboard near the event, reading: “What happens on your iPhone, stays on your iPhone.”
The timing of the revelations about the bug is awkward for Apple, which is due to announce its latest earnings report on Tuesday. Analysts may question Mr Cook about the flaw.