Update (08/02/19): Apple has announced today that Group FaceTime is now back online and the eavesdropping bug fix has begun rolling out to iOS and Mac users. The fix comes as part of the iOS 12.1.4 update, meanwhile Mac users will need to update their FaceTime app.
Apple reiterated that it is sorry for the issue. In order to protect users who haven’t updated their iOS device yet, the Live Photos feature of FaceTime will be blocked on those devices via Apple’s servers. To get the feature back, users will need to install the latest update.
The 14-year old responsible for finding the bug has been contacted by Apple and will be receiving a bug bounty award for doing so, although the exact payout is not yet known. Under Apple’s bug bounty program, the teenager could stand to earn anywhere from $25,000 to $200,000.
Update (05/02/19): Last week, a FaceTime group calling bug came to light, posing a serious threat to user privacy. Microphones on iPhones, iPads and Macs could be unknowingly activated just by being added into a FaceTime group call, even if the other user didn’t accept the call. Apple initially took FaceTime Group calling offline with plans to issue a fix last week, but it seems to be taking longer than expected.
In an updated statement given to 9To5Mac, Apple said that the issue has been fixed on its FaceTime servers, but the patch to re-enable Group FaceTime won’t arrive until later this week.
Apple also acknowledged the fact that it was actually a teenager that discovered the bug. An Apple executive has been sent out to meet them and they will be eligible for a payout via Apple’s bug bounty program.
Original story: Yesterday, it came to light that FaceTime group calling houses a major eavesdropping bug. The issue would allow people to call up and hear someone’s microphone even if they didn’t accept the call. As a result of this, Apple has taken FaceTime group calling offline completely while a fix is in the works.
The folks at 9To5Mac were first to report on the issue. All you needed to do to get this working was start a FaceTime video call with someone, then choose ‘add person’ and enter your own phone number to turn it into a group call. At that point, it wouldn’t matter if the person you were calling accepted or not, their microphone would be active and audible. The person ignoring your call wouldn’t be able to tell that their microphone was active either, making this a fairly huge privacy breach.
Image credit: Apple
Since then, Apple has updated its system status page to indicate that Group FaceTime is offline. Right now, Apple has yet to issue an ETA on when Group FaceTime will be back but a fix for this flaw is expected to land this week. At that point, service should return to normal.
KitGuru Says: Apple did have some issues getting Group FaceTime working in the first place but a bug like this is a pretty huge one to miss. A fix will be coming through this week, hopefully no other major privacy issues pop up after that.