Apple disables group calling in FaceTime in response to eavesdropping bug

Apple has disabled the group calling feature within its FaceTime calling service after it was found to house a nasty bug that allows eavesdropping.

Apple’s status page shows that group calling via FaceTime is “temporarily unavailable” — that’s likely a stop-gap move while the company works on a more permanent fix to the problem. We were unable to set up a group call when we tried, having earlier been able to do so and replicate the issue.

All being well, this fix means that users don’t need to completely disable FaceTime due to the bug, but it is understandable if some people are hesitant to switch it on again.

The vulnerability was unearthed on Monday and it is activated when a user initiates a group call but adds themselves as a participant, as we explained in our earlier post:

The bug relies on what appears to be a nasty logic screwup in FaceTime’s group call system. While we’re opting to not outline the steps here, the bug seems to trick the recipient’s phone into thinking a group call is already ongoing. A few quick taps, and FaceTime immediately trips over itself and inexplicably fires up the recipient’s microphone without them actually accepting the call.

Weirder yet: if the recipient presses the volume down button or the power button to try to silence or dismiss the call, their camera turns on as well. Though the recipient’s phone display continues showing the incoming call screen, their microphone/camera are streaming.

Apple told us and other media that it plans to issue a more permanent solution in the coming days.

“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” a spokesperson said.

It’s interesting to note that the group calling feature actually took longer than planned to arrive in iOS following a hiccup. It was added to, then removed from, the beta version of iOS 12 in August while it took time to roll out to all users. The feature was absent when iOS 12 shipped to all in September and, instead, it arrived with the launch of iOS 12.1 in October. Apple never provided a reason for the delay.

The bug is an embarrassing incident for Apple, which has long emphasized its focus on privacy as a business and within its products. That included a recent banner at CES which triumphantly proclaimed: “What happens on your iPhone, stays on your iPhone.”