Eavesdropping bug Apple brand spot



Apple deactivated a group chat feature on FaceTime after users said a software bug could allow callers to remotely activate another person's microphone.

With the bug, a FaceTime user connecting to another iPhone, iPad or Mac can listen to audio – even if the receiver does not accept the call. The bug is triggered when callers add to the same call to start a group chat. This causes FaceTime to think that the receiver has accepted the chat.

The bug, demonstrated through online videos, comes as an embarrassment to a company that is trying to stand out by emphasizing its commitment to user privacy.

"This is a great success for their brand," said Dave Kennedy, CEO of Ohio-based security company TrustedSec. "There has been a long time when people could have used it to spy. These things should definitely be detected before they are released."

There is no longer any danger of this particular bug, since Apple's group chats have been disabled, while regular and individual FaceTime remains available.

NBC News and The Wall Street Journal reported on Tuesday that the family of a 14-year-old student in Tucson, Arizona, tried to inform Apple about the virus more than a week before it became widely known to the public. The boy, Grant Thompson, said he discovered by accident while calling his friends to play the game Fortnite.

It's hard to know if someone exploited the bug maliciously, said Erka Koivunen, director of information security at Finnish company F-Secure. He said it would have been difficult to use the bug to spy on someone, since the phone would ring first – and it's easy to identify who called.

Apple said on Tuesday that a fix will be released on a software update later this week. Apple declined to say when it learned the problem. The company also would not say if it has logs that could show if someone took advantage of the bug before it became publicly known this week.

Kennedy praised Apple's rapid response this week following reports of the bug by technology blogs. He predicted that the tooth of reputation might soon be forgotten if it did not become part of a pattern.

"All the bugs are obvious in retrospect," said Eva Galperin, director of cyber security at the Electronic Frontier Foundation. "The truth is that the bugs are subtle, the code is complicated and sometimes things happen."

Galperin said Apple should develop a better process for reporting on potential security breaches. She said the 14-year-old boy's discovery of the problem "just tells us a lot about reporting security bugs depends on knowing the right person."

Apple introduced the October 32 video conferencing feature for iPhones, iPads and Macs. Regular FaceTime calls are not affected unless the caller converts you to a group chat.

The news of the bug came when Apple reported that profit in the last three months of 2018 fell slightly to $ 20 billion, while revenue fell 5 percent from the previous year to $ 84 billion. Earlier this month Apple reported that demand for iPhones was declining and that its earnings for the last quarter of 2018 would fall short of its own forecasts – a rare downgrade of the company.


Source link