1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Apple warned about FaceTime bug over a week ago, gets sued

By midian182 · 5 replies
Jan 30, 2019
Post New Reply
  1. Attorney Larry Williams II said in his complaint to the court that the issue allowed the intrusion of “one’s most intimate conversations without consent,” reports Bloomberg.

    The bug is present in Apple devices running iOS 12.1 or later, as well as Macs running Mojave. By initiating a Group Call and adding your own number after calling someone on FaceTime, it’s possible to hear the recipient’s audio before they answer. Should they use the power button to silence or ignore the incoming call, the camera will also be enabled, giving the dialer both audio and video of the person before they pick up.

    Williams, who said he was eavesdropped on while taking a sworn testimony during a client deposition, seeks unspecified punitive damages on his claims of negligence, product liability, misrepresentation, and warranty breach.

    Apple has disabled Group FaceTime to stop the vulnerability from being exploited. The Cupertino firm says it is working on a fix that’s scheduled to be released later this week.

    In related news, Apple was reportedly warned about the issue over a week ago. Fourteen-year-old Grant Thompson first made the accidental discovery, after which his mother, Michele Thompson, tried to inform the company via emails, calls, and tweets at CEO Tim Cook.

    As reported by CNN, Grant said he was hoping to get an Apple product, such as an iPhone X or MacBook Pro, for spotting the glitch. Michele says that while they didn’t report it for a reward, an acknowledgment would be appreciated.

    "Apple should reward people for reporting things of this nature -- not just reward the developers or the people who are savvy with tech," she said. "I think just thanking him would be great," she said.

    Permalink to story.

     
  2. m4a4

    m4a4 TS Evangelist Posts: 1,380   +939

    I can't tell if he actually knows he was eavesdropped, or just sees a convenient opportunity (I'm thinking the latter).
    Of course that's assuming you can't attempt/join Facetime without having the person as a contact first... As in, it won't be an "unknown" person.

    And I'm not surprised Apple (or any other big company) tried to keep this quiet. They like controlling the narrative, and this one is going to be amusing watching them try to spin it.
    As for the customer who reported it, it couldn't be that hard to work with them. A reward is nice, but don't feel entitled to one.
     
  3. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,143   +611

    Honestly, the mom probably shot herself in the foot here. Most companies like to patch bugs before they acknowledge them outside of bug bounty channels. By going through tech support on Twitter, and then calling the Fox New Twitter handle to it, no company in their right mind will pay up for that. Plus, for all she knows, Apple knew of the bug before this even and was working on a patch - they were just the first 'regular users' to notice it.
     
  4. Plutoisaplanet

    Plutoisaplanet TS Booster Posts: 73   +58

    Apple's bug bounty program is via email. How do you know they didn't submit the bug there? It seems like this person was frantically trying to contact Apple knowing how important privacy was as a lawyer. Even so, this person wasn't a tech person at all and seemed like they did the best they could to get the issue escalated.

    For anyone curious about the bug bounty program, it's buried in this one page: https://support.apple.com/en-us/HT201220
     
  5. Uncle Al

    Uncle Al TS Evangelist Posts: 5,015   +3,425

    Cook needs to pay this one out of his own pocket!
     
  6. Plutoisaplanet

    Plutoisaplanet TS Booster Posts: 73   +58

    Ok it looks like she did report it to product security:
    [​IMG]
     
    Clamyboy74 likes this.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...