{"id":14436,"date":"2019-01-29T10:45:12","date_gmt":"2019-01-29T18:45:12","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/01\/29\/news-8188\/"},"modified":"2019-01-29T10:45:12","modified_gmt":"2019-01-29T18:45:12","slug":"news-8188","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/01\/29\/news-8188\/","title":{"rendered":"Apple Takes Drastic Measures to Stop a Nasty FaceTime Bug"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c5081dd45e0ae2c6bccfb6e\/master\/pass\/Security_Facetime-bug-group-chat-967379156.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Tue, 29 Jan 2019 15:28:12 +0000<\/strong><\/p>\n<p><span class=\"lede\">It\u2019s often hard <\/span>to tell just how seriously to take reports of a new vulnerability. The <a href=\"http:\/\/www.wired.com\/tag\/hacker-lexicon\">jargon<\/a> is inscrutable, and the skills needed to pull off the attacks are possessed only by highly skilled professionals. But a bug afflicting Apple\u2019s FaceTime chat has no such ambiguity. How bad is it? Rather than risk exposing people to it, Apple pulled the plug on <a href=\"https:\/\/www.wired.com\/gallery\/everything-apple-announced-wwdc-2018\/\">FaceTime group chats<\/a> altogether.<\/p>\n<p>Unlike other high-profile gaffes, what makes this bug so alarming isn\u2019t the depth of knowledge someone could glean by exploiting it. It doesn\u2019t give hackers access to your emails or banking information. Instead, it lets a FaceTime caller listen in on whatever\u2019s happening on the other end of the line\u2014before the recipient answers the phone. With a few extra steps, they could trigger a video feed as well.<\/p>\n<p class=\"paywall\">The exploit was also relatively simple to pull off. All someone had to do to trigger the illicit audio was start a normal FaceTime call, then quickly add their own number as a third person in a group chat. 
If the person you were calling pressed the power button from their iOS lock screen, they would have transmitted both video and audio. The bug <a href=\"https:\/\/9to5mac.com\/2019\/01\/28\/facetime-bug-hear-audio\/\" target=\"_blank\">was first reported<\/a> on Monday by Apple-focused news site 9to5Mac.<\/p>\n<p class=\"paywall\">The implications are clear. While it\u2019s not the sort of high-wire attack you\u2019d find a nation state trying to pull off to steal intel secrets, it has deep potential consequences on a personal level. Even a few seconds of eavesdropping on an unguarded moment\u2014especially when the target is deciding whether to pick up your call\u2014is an unacceptable breach of privacy.<\/p>\n<p class=\"paywall\">\u201cWe\u2019re aware of this issue and we have identified a fix that will be released in a software update later this week,\u201d Apple said in a statement.<\/p>\n<p class=\"paywall\">But rather than wait for that fix to come around, as generally is the case, Apple took the additional step of shutting down group FaceTime chats altogether in the interim. It appears to be the first time the company has taken such aggressive steps to quash a software issue. 
The combination of high stakes and low barriers apparently made it not worth the risk.<\/p>\n<p class=\"paywall\">Apple had a <a href=\"https:\/\/www.wired.com\/story\/apples-security-macos-high-sierra-ios-11\/\">rocky year of security stumbles in 2017<\/a>, including a macOS High Sierra bug that <a href=\"https:\/\/www.wired.com\/story\/macos-high-sierra-hack-root\/\">let anyone gain root access<\/a> to a Mac by simply using the password \u201croot.\u201d But Apple regrouped last year, focusing on stability improvements <a href=\"https:\/\/www.wired.com\/story\/wwdc-2018-keynote-security-bug-fixes\/\">rather than flashy new features<\/a>, a gambit that appears to have largely paid off.<\/p>\n<p class=\"paywall\">Group FaceTime chats, which were also introduced last year, have not gone so smoothly. Last fall, security researcher Jose Rodriguez used a flaw in the new function to <a href=\"https:\/\/www.wired.com\/story\/turn-off-siri-lock-screen-attacks\/\">bypass the iOS lock screen<\/a> and view someone\u2019s entire address book. The two issues appear to be unrelated but speak to Apple&#x27;s continued need to more rigorously vet new software pushes.<\/p>\n<p class=\"paywall\">&quot;We have not had the time to dig in and reverse-engineer the root cause of this bug yet, but there is no specific or special reason this would occur,&quot; says Will Strafach, an iOS security researcher and the president of Sudo Security Group. &quot;It seems to be most likely an unfortunate chain of bad programming logic coded into the process for group FaceTime handling.&quot;<\/p>\n<p class=\"paywall\">The best thing you can do for now? Well, nothing, really, given that Apple has already voided the issue. But do install that software update as soon as it comes through, whenever it does. In the meantime, there are <a href=\"https:\/\/www.wired.com\/story\/best-group-video-chat-apps\/\">other group chat apps<\/a> to tide you over. 
And take this whole ordeal as a not-so-gentle reminder that your smartphone has a microphone and a camera on it, and so does your computer, and maybe it\u2019s healthy not to trust all of those implicitly.<\/p>\n<p class=\"paywall\"><em>Additional reporting by Lauren Goode.<\/em><\/p>\n<p class=\"paywall\"><em>This story has been updated to include comment from Will Strafach.<\/em><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/apple-facetime-bug-group-chats\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c5081dd45e0ae2c6bccfb6e\/master\/pass\/Security_Facetime-bug-group-chat-967379156.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Tue, 29 Jan 2019 15:28:12 +0000<\/strong><\/p>\n<p>Group FaceTime chats let people eavesdrop on whoever they called, a bug so bad that Apple pulled the plug until it comes up with a 
fix.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-14436","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14436"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14436\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}