A bug in FaceTime, Apple’s video and audio chat service for iPhones, allows callers to access the microphone and front-facing video camera of the person they are calling, even if that person hasn’t picked up.
A video showing the series of steps required to trigger the bug went viral on Twitter and Snapchat. 9to5Mac reproduced the steps and reported that “the bug does not seem to expose the video camera for covert spying — just the microphone.” However, a test by BuzzFeed News confirms that an iPhone’s front-facing video can be accessed.
In a statement, an Apple spokesperson said the company is “aware of this issue and we have identified a fix that will be released in a software update later this week.” Until the update is released, go to your iPhone Settings and disable FaceTime to avoid anyone snooping on your conversations or surroundings.
In BuzzFeed News’ test, an iPhone X was used to initiate a FaceTime video call to a recipient using an iPhone 8. After following the instructions outlined by 9to5Mac, the iPhone X caller could hear audio from the iPhone 8’s microphone. After the call recipient pressed the volume-down button, footage from the iPhone 8’s front-facing camera could be seen on the iPhone X — even though the call recipient had not answered the call.
And when the call recipient, the iPhone 8, had “Do Not Disturb” turned on, the caller could not access the recipient’s microphone.
Both devices were running the latest version of iOS.
Apple recently patched a separate FaceTime security bug that allowed hackers to initiate a FaceTime call from an iPhone.
Jan. 29, 2019, at 04:16 AM
As of 7:16 p.m., Apple’s System Status page has marked the server running Group FaceTime, which contains the bug, as “temporarily unavailable.” Disabling the feature may be the company’s temporary fix for the issue until it can release another security update.
Jan. 29, 2019, at 17:12 PM
On January 20, Twitter user @MGT7500 reported that their “teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval.”
Later, on January 28, the same Twitter user claimed that the reported flaw was the Group FaceTime bug that, according to a screenshot of an email sent to Apple, “allows users to listen in on other users without their permission.” If that’s the case, Apple may have been aware of the flaw for over a week, before taking the Group FaceTime feature offline to protect users.
A video, purportedly sent to Apple on Jan. 23 by the teen and his mom, shows how the bug is triggered.