{"id":14431,"date":"2019-01-29T06:30:12","date_gmt":"2019-01-29T14:30:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/29\/news-8183\/"},"modified":"2019-01-29T06:30:12","modified_gmt":"2019-01-29T14:30:12","slug":"news-8183","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/01\/29\/news-8183\/","title":{"rendered":"Apple\u2019s Group FaceTime: A place for spies?"},"content":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Tue, 29 Jan 2019 05:30:00 -0800<\/strong><\/p>\n

Apple has disabled<\/a> Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people\u2019s devices without permission. What\u2019s going on and what can you do about it?<\/p>\n

A\u00a09to5Ma<\/a>c\u00a0<\/em>report based on a video published to Twitter by @BmManski<\/a> revealed that this flaw lets a user listen to audio captured using another person\u2019s device before they accept or reject the call <\/em>requesting a FaceTime chat. The problem only affects iOS devices running iOS 12.1 or later (pending an update).<\/p>\n

In a statement, Apple said it is: \u201cAware of this issue\u2026 we have identified a fix that will be released in a software update later this week.”<\/p>\n

It appears video captured by the iPhone\u2019s front-facing camera can also be picked up, but only if the person you are contacting taps the Power button on the LockScreen.<\/p>\n

Apple has effectively disabled the bug by switching off its Group FaceTime service pending a software patch. Meanwhile users who are concerned about the problem may want to disable FaceTime on their devices.<\/p>\n

It is important to note that no one has claimed this fault impacts Macs.<\/p>\n

Apple says it will publish a software update to address this bug in the next few days. It has disabled Group FaceTime pending that fix, which is expected to appear later this week.<\/p>\n

No. This minor bug will be quashed quickly. It also seems important to note that the audio\/video only remains available for a short time, while the recipient device rings. The feed stops once the call is rejected.<\/p>\n

The big picture is a little more complex.<\/p>\n

The existence of a flaw like this one does nothing to dilute the arguments of many privacy advocates who believe users should take tight control of any applications that attempts to use the built-in cameras, microphones and other functions of the systems that they use.<\/p>\n

With extensive protections for privacy and security<\/a> across its systems, Apple makes it relatively easy to review which apps are attempting to use those features.<\/p>\n

To review the apps that are using your microphone and camera you should open the Privacy section in Settings>Privacy<\/em>where you can review which apps are demanding access to the following software and device features:<\/p>\n

It is a good idea to review all of these in order to ensure that only apps and services you trust can access this information. There are still some apps which (for example) demand access to your Contacts even though they seem to have little need to have that data.<\/p>\n

On a case-by-case basis you should decide which apps you trust less and disable access for them. Doing so may impact the functionality of an app (so replace it), but it also reduces your potential attack surface.<\/p>\n

I choose to provide very little access to most social media services<\/a> and refuse to access FaceBook except using Apple\u2019s Safari browser, in part because the app is an energy hog. \u00a0<\/p>\n

While I see no reason for any great panic about this particular bug, I do think it illustrates a real need to ensure users are given clear visual indicators whenever an app is using their camera or mic, covertly or overtly.<\/p>\n

I\u2019d urge platform providers Apple, Google and Microsoft to ensure this becomes a mandatory feature across all their operating systems in an attempt to help prevent covert or overt surveillance of this type. Such an indication would also provide customers with a small degree of reassurance.<\/p>\n

Please follow me on\u00a0Twitter<\/a>, and join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Tue, 29 Jan 2019 05:30:00 -0800<\/strong><\/p>\n

\n
\n

Apple has disabled<\/a> Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people\u2019s devices without permission. What\u2019s going on and what can you do about it?<\/p>\n

The bug, in brief<\/strong><\/h2>\n

A\u00a09to5Ma<\/a>c\u00a0<\/em>report based on a video published to Twitter by @BmManski<\/a> revealed that this flaw lets a user listen to audio captured using another person\u2019s device before they accept or reject the call <\/em>requesting a FaceTime chat. The problem only affects iOS devices running iOS 12.1 or later (pending an update).<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10480,10554,714],"class_list":["post-14431","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-ios","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14431"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14431\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14431"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}