A critical security flaw in Apple’s Facetime voice and video chat software makes it possible to spy on users without their knowledge. The bug, which has been confirmed by Apple, allows Facetime users to listen to an iPhone’s microphone simply by calling the device even if the phone’s owner doesn’t pick up their call.
Video evidence of the bug was first posted to Twitter on Monday.
— Benji Mobb™ (@BmManski) January 28, 2019
Multiple outlets, including The Verge and BuzzFeed, were subsequently able to replicate the bug, and discover something even more serious: The caller gets access to a phone’s front-facing camera if someone receiving a call inadvertently presses their phone’s power button.
Apple told media in a statement that it was aware of the bug and getting ready to address it in a software update later this week. iPhone and iPad users concerned about their privacy may want to disable Facetime completely until that happens.
News of the flaw broke on Data Privacy Day, which Apple CEO Tim Cook commemorated by calling for tougher privacy protections. In a tweet sent out before the Facetime story broke, Cook wrote, “We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.”