Apple warned about FaceTime bug over a week ago, gets sued

midian182

A hot potato: In some unsurprising news, Apple is being sued over the FaceTime bug that recently came to light. The case is being brought by a Houston lawyer, who claims the glitch allowed an unknown person to listen in on his private conversation with a client. It's also been revealed that the firm was informed about the problem over a week ago.

Attorney Larry Williams II said in his complaint to the court that the issue allowed the intrusion of “one’s most intimate conversations without consent,” reports Bloomberg.

The bug is present on iPhones and iPads running iOS 12.1 or later, as well as Macs running macOS Mojave. After calling someone on FaceTime, the caller can turn the call into a Group FaceTime call by adding their own number; doing so makes the recipient's microphone audio audible to the caller before the recipient answers. If the recipient presses the power button to silence or ignore the incoming call, their camera is also enabled, giving the caller both audio and video of the person before they pick up.
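The security-relevant point in the steps above is that a media stream started flowing because of a signalling event (a participant being added to the call) rather than because the callee answered. The following toy state-machine model is an added example, not Apple's code or anything published about the real FaceTime implementation; the class, method and phone-number names are all made up, and the model simply replays the sequence the article describes against a flawed and a hardened media-gating rule so the difference is visible.

```python
"""Toy model of a call session: what goes wrong when media is keyed to a
signalling event ("participant added") instead of to the callee's explicit
answer. Hypothetical illustration only; not Apple's code."""
from dataclasses import dataclass, field
from enum import Enum


class Leg(Enum):
    RINGING = "ringing"    # callee sees an incoming call and has not answered
    ACTIVE = "active"      # callee explicitly accepted; media may flow
    SILENCED = "silenced"  # callee pressed power/volume to silence the ring


@dataclass
class Endpoint:
    number: str
    leg: Leg = Leg.RINGING
    mic_on: bool = False
    camera_on: bool = False

    def consented(self) -> bool:
        # Only an explicit answer counts as consent to transmit audio or video.
        return self.leg is Leg.ACTIVE


@dataclass
class CallSession:
    gate_on_answer: bool  # False = flawed behaviour, True = hardened behaviour
    endpoints: dict = field(default_factory=dict)

    def dial(self, caller: str, callee: str) -> None:
        self.endpoints[caller] = Endpoint(caller, Leg.ACTIVE, mic_on=True)
        self.endpoints[callee] = Endpoint(callee)

    def _start_media(self, ep: Endpoint, camera: bool) -> None:
        # Hardened rule: never start media for an endpoint that has not answered.
        if self.gate_on_answer and not ep.consented():
            return
        ep.mic_on = True
        if camera:
            ep.camera_on = True

    def add_participant(self, number: str) -> None:
        # Flawed rule: promoting a 1:1 call to a group call renegotiates media for
        # every endpoint as if all had joined, so the still-ringing callee's mic opens.
        self.endpoints.setdefault(number, Endpoint(number, Leg.ACTIVE, mic_on=True))
        for ep in self.endpoints.values():
            self._start_media(ep, camera=False)

    def silence_ring(self, number: str) -> None:
        # Flawed rule: the group-call path treats the silence press as a join event
        # and opens the camera too; the hardened rule only stops the ringer.
        ep = self.endpoints[number]
        if ep.leg is Leg.RINGING:
            ep.leg = Leg.SILENCED
        self._start_media(ep, camera=True)

    def answer(self, number: str) -> None:
        ep = self.endpoints[number]
        ep.leg = Leg.ACTIVE
        self._start_media(ep, camera=True)


CALLER = "+1-555-0100"  # constructed numbers for the example
CALLEE = "+1-555-0199"


def reproduce(gate_on_answer: bool) -> dict:
    """Replay the article's sequence and return the callee's media state at each step."""
    call = CallSession(gate_on_answer)
    call.dial(CALLER, CALLEE)
    call.add_participant(CALLER)          # caller adds their own number -> group call
    callee = call.endpoints[CALLEE]
    after_add = (callee.mic_on, callee.camera_on)
    call.silence_ring(CALLEE)             # callee presses power button to ignore
    after_silence = (callee.mic_on, callee.camera_on)
    return {"leg": callee.leg, "after_add": after_add, "after_silence": after_silence}


if __name__ == "__main__":
    print("flawed  :", reproduce(gate_on_answer=False))
    print("hardened:", reproduce(gate_on_answer=True))
```

In the flawed model the callee's microphone is live as soon as the caller adds themselves, and the camera follows on the power-button press, while the callee's leg never leaves the ringing/silenced state. The hardened model makes the media pipeline check the callee's own consent state instead of the call's group status, which is the invariant a fix for this class of bug has to restore regardless of how the signalling is implemented.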

Williams, who said he was eavesdropped on while taking sworn testimony during a client deposition, seeks unspecified punitive damages on claims of negligence, product liability, misrepresentation, and breach of warranty.

Apple has disabled Group FaceTime to stop the vulnerability from being exploited. The Cupertino firm says it is working on a fix that’s scheduled to be released later this week.

In related news, Apple was reportedly warned about the issue over a week ago. Fourteen-year-old Grant Thompson first made the accidental discovery, after which his mother, Michele Thompson, tried to inform the company via emails, calls, and tweets at CEO Tim Cook.

As reported by CNN, Grant said he was hoping to get an Apple product, such as an iPhone X or MacBook Pro, for spotting the glitch. Michele says that while they didn’t report it for a reward, an acknowledgment would be appreciated.

"Apple should reward people for reporting things of this nature -- not just reward the developers or the people who are savvy with tech," she said. "I think just thanking him would be great."


 
I can't tell if he actually knows he was eavesdropped, or just sees a convenient opportunity (I'm thinking the latter).
Of course that's assuming you can't attempt/join FaceTime without having the person as a contact first... As in, it won't be an "unknown" person.

And I'm not surprised Apple (or any other big company) tried to keep this quiet. They like controlling the narrative, and this one is going to be amusing watching them try to spin it.
As for the customer who reported it, it couldn't be that hard to work with them. A reward is nice, but don't feel entitled to one.
 
Honestly, the mom probably shot herself in the foot here. Most companies like to patch bugs before they acknowledge them outside of bug bounty channels. By going through tech support on Twitter, and then calling the Fox News Twitter handle's attention to it, no company in their right mind will pay up for that. Plus, for all she knows, Apple knew of the bug before this even and was working on a patch - they were just the first 'regular users' to notice it.
 
Apple's bug bounty program is via email. How do you know they didn't submit the bug there? It seems like this person was frantically trying to contact Apple knowing how important privacy was as a lawyer. Even so, this person wasn't a tech person at all and seemed like they did the best they could to get the issue escalated.

For anyone curious about the bug bounty program, it's buried in this one page: https://support.apple.com/en-us/HT201220
 
Ok it looks like she did report it to product security:
[attached screenshot]
 