Apple has disabled the group chat feature of its FaceTime video calling service after a bug was discovered that allows users to eavesdrop on others via audio and video.
The bug, which takes advantage of a logic flaw in the app’s group chat, works like this: When making a FaceTime video call, the caller adds themselves to a group chat before the user on the other end picks up. Once added, the bug leads FaceTime to believe an active group call has started, even though the recipient hasn’t answered the call. The person who initiated the call can then hear audio from the recipient’s device.
Shortly after the initial audio bug was discovered, users also found that if recipients pressed the power or volume down button to silence or dismiss the call, video was transmitted back to the person initiating the call.
According to Apple’s status page, the company has turned off the group chat feature as a temporary reprieve. The company said prior to the status update that it would be patching in the issue “within the next 10 days.” The bug worked on any iOS or MacOS system where FaceTime was installed.
Social media was filled with instances of people replicating the bug Monday, leading droves of iPhone users to disable FaceTime.
— Benji Mobb™ (@BmManski) January 28, 2019
iPhone users. Turn off FaceTime until Apple issues a patch for iOS and you install it. Claims of major privacy issue discovered. Go to settings. Scroll down to FaceTime (green icon with camera) and switch off. https://t.co/hIRukshaTE
— Rob Joyce (@RGB_Lights) January 29, 2019
The revelation comes after Apple paraded numerous billboards around the Consumer Electronics Show in Las Vegas earlier this month, touting its focus the iPhone’s privacy features.
UNLESS THEY FACETIME YOU pic.twitter.com/OHt7340AGG
— InfoSec Taylor Swift (@SwiftOnSecurity) January 29, 2019
While Apple’s products are generally regarded as having tight security, the company has dealt with severe flaws in previous years. In November 2017, a bug was discovered that allowed people to bypass administrative accounts on MacOS simply by typing “root” and no password into various system preference logins.