Users have discovered a bug in Apple’s FaceTime video-calling application that allows you to hear audio from a person you’re calling before they accept the call—a critical bug that could potentially be used as a tool by malicious users to invade the privacy of others.
When Ars reached out to Apple for a statement, the company replied, “We’re aware of this issue, and we have identified a fix that will be released in a software update later this week.” An hour or two after this post went live, Apple disabled Group FaceTime to mitigate the bug.
The bug requires you to perform a few actions while the phone is ringing, so if the person on the other end picks up quickly, they might not be affected. Knowledge of how to use the bug is already widespread. The steps include:
We have tested this method and confirmed that it works. After a caller completes the steps, they will be able to hear the recipient’s audio—but the recipient will be able to hear the caller’s audio, too. It doesn’t really work for eavesdropping for that reason, thankfully, but you could potentially catch someone by surprise. After the steps have been followed, the caller’s end shows that the recipient is part of a FaceTime call. But as far as the recipient can tell, the recipient has not yet answered.
This is an unfortunate error on Apple’s part—first and foremost because it exposes users to risk, but also because Apple has worked aggressively to position itself as the tech company most focused on protecting users’ privacy. Apple executives like CEO Tim Cook have spoken about the importance of privacy frequently over the past several months to contrast Apple with rivals like Google, and privacy has played a key role in the messaging around recent product and software unveilings.
Further, Apple bought advertising visible to attendees at the Consumer Electronics Show this year (where it does not usually have a strong public presence) with the copy: “What happens on your phone stays on your phone.”
Until the fix comes later this week, that might not entirely be the case.
