Hacker News
The FaceTime Bug That Allows Users to Spy on Each Other

Security researchers have advised that Apple users should consider turning off their FaceTime app for a few days after a privacy bug has been unveiled. The unpatched bug could allow someone to see or hear you before you pick up the call.
Multiple users have been complaining about the privacy issue after the bug went viral on Twitter and other social media platforms. The bug works on iOS 12.1.2.
How the bug works:
- Select a FaceTime Video call with an iPhone contact
- While the call is still dialing, swipe up on the screen from the bottom, and tap the “Add Person” option.
- Add your own number as the added option
- You will now see that you are in a group FaceTime call, and you will be able to hear the audio from the person you dialed, even if they haven’t accepted the call.
Users are also reporting that if the recipient of the FaceTime call mutes the call by pressing the power button, or if they turn the volume down, their iPhone camera will also turn on.
Their iPhone screen will still display the call screen and they will be unaware that they are being heard or seen by the caller.
Apple hasn’t released a fix for the issue yet, but they have disabled the group calling feature.
Apple has said:
“We’re aware of this issue, and we have identified a fix that will be released in a software update later this week.”
It is recommended that users disabled the FaceTime calling feature on their iPhones, iPads, and Macbooks until the fix has been rolled out.
To disable FaceTime:
iPhone/iPad: Go to settings and scroll down to find “FaceTime”, and tap the toggle to turn it off.
Mac: Open the FaceTime app on Mac click on FaceTime at the top left corner in the menu bar and click ‘Turn off FaceTime.’.
Apple issued an apology on the matter:
“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.”
The Thompson’s have stated that they notified Apple of the issue on January 22nd, however, Apple didn’t disable the Group FaceTime feature until the 28th January when it started to spread on Twitter. This has led many people to criticize how Apple handles security issues they are notified of.