Eavesdropping | KitGuru https://www.kitguru.net KitGuru.net - Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards Fri, 12 Jul 2019 13:05:24 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 https://www.kitguru.net/wp-content/uploads/2021/06/cropped-KITGURU-Light-Background-SQUARE2-32x32.png Eavesdropping | KitGuru https://www.kitguru.net 32 32 Apple disables Watch Walkie-Talkie app due to eavesdropping bug https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-disables-watch-walkie-talkie-app-due-to-eavesdropping-bug/ https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-disables-watch-walkie-talkie-app-due-to-eavesdropping-bug/#respond Fri, 12 Jul 2019 10:00:24 +0000 https://www.kitguru.net/?p=417902 While Apple normally likes to shout about its security efforts across its devices, the company has had a few notable slip ups lately. A few months ago, a FaceTime bug paved the way for secret eavesdropping through a Mac, iPhone or iPad microphone and now, a similar issue has been discovered as part of the …

The post Apple disables Watch Walkie-Talkie app due to eavesdropping bug first appeared on KitGuru.]]>
While Apple normally likes to shout about its security efforts across its devices, the company has had a few notable slip ups lately. A few months ago, a FaceTime bug paved the way for secret eavesdropping through a Mac, iPhone or iPad microphone and now, a similar issue has been discovered as part of the Apple Watch Walkie-Talkie app.

The Walkie-Talkie app was introduced to WatchOS 5 last year and is also based on FaceTime. Watch users can add someone to their Walkie-Talkie contact list and then quickly communicate with them via the watch's speaker and microphone using a ‘push to talk' system just like a walkie talkie. While two users would normally need to accept an invite to activate Walkie-Talkie communication on the Apple Watch, a recently discovered vulnerability could allow users to circumvent this and eavesdrop with no knowledge from the targeted user.

Apple has since issued a statement clarifying that it is “aware of the vulnerability” and has disabled the Walkie-Talkie function on Apple Watch while they investigate a fix. Currently Apple is “not aware of any use of the vulnerability against a customer”, so it looks like whoever discovered the exploit managed to keep everything quiet while reporting the issue to Apple directly.

A fix hasn't rolled out just yet but we should hear more in the coming days.

KitGuru Says: Apple has had a couple of security slip-ups lately but we've seen that they are much quicker to action nowadays and tend to be very proactive when it comes to issues like this. Hopefully a fix can be rolled out fairly soon. 

The post Apple disables Watch Walkie-Talkie app due to eavesdropping bug first appeared on KitGuru.]]>
https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-disables-watch-walkie-talkie-app-due-to-eavesdropping-bug/feed/ 0
Apple apologises for Group FaceTime eavesdropping bug, fix is now rolling out https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-takes-facetime-group-calling-offline-following-eavesdropping-bug/ https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-takes-facetime-group-calling-offline-following-eavesdropping-bug/#respond Fri, 08 Feb 2019 11:24:36 +0000 https://www.kitguru.net/?p=402246 Update (08/02/19): Apple has announced today that Group FaceTime is now back online and the eavesdropping bug fix has begun rolling out to iOS and Mac users. The fix comes as part of the iOS 12.1.4 update, meanwhile Mac users will need to update their FaceTime app. Apple reiterated that it is sorry for the …

The post Apple apologises for Group FaceTime eavesdropping bug, fix is now rolling out first appeared on KitGuru.]]>
Update (08/02/19): Apple has announced today that Group FaceTime is now back online and the eavesdropping bug fix has begun rolling out to iOS and Mac users. The fix comes as part of the iOS 12.1.4 update, meanwhile Mac users will need to update their FaceTime app.

Apple reiterated that it is sorry for the issue. In order to protect users who haven't updated their iOS device yet, the Live Photos feature of FaceTime will be blocked on those devices via Apple's servers. To get the feature back, users will need to install the latest update.

The 14-year old responsible for finding the bug has been contacted by Apple and will be receiving a bug bounty award for doing so, although the exact payout is not yet known. Under Apple's bug bounty program, the teenager could stand to earn anywhere from $25,000 to $200,000.

Update (05/02/19): Last week, a FaceTime group calling bug came to light, posing a serious threat to user privacy. Microphones on iPhones, iPads and Macs could be unknowingly activated just by being added into a FaceTime group call, even if the other user didn't accept the call. Apple initially took FaceTime Group calling offline with plans to issue a fix last week, but it seems to be taking longer than expected.

In an updated statement given to 9To5Mac, Apple said that the issue has been fixed on its FaceTime servers, but the patch to re-enable Group FaceTime won't arrive until later this week.

Apple also acknowledged the fact that it was actually a teenager that discovered the bug. An Apple executive has been sent out to meet them and they will be eligible for a payout via Apple's bug bounty program.

Original story: Yesterday, it came to light that FaceTime group calling houses a major eavesdropping bug. The issue would allow people to call up and hear someone's microphone even if they didn't accept the call. As a result of this, Apple has taken FaceTime group calling offline completely while a fix is in the works.

The folks at 9To5Mac were first to report on the issue. All you needed to do to get this working was start a FaceTime video call with someone, then choose ‘add person' and enter your own phone number to turn it into a group call. At that point, it wouldn't matter if the person you were calling accepted or not, their microphone would be active and audible. The person ignoring your call wouldn't be able to tell that their microphone was active either, making this a fairly huge privacy breach.


Image credit: Apple

Since then, Apple has updated its system status page to indicate that Group FaceTime is offline. Right now, Apple has yet to issue an ETA on when Group FaceTime will be back but a fix for this flaw is expected to land this week. At that point, service should return to normal.

KitGuru Says: Apple did have some issues getting Group FaceTime working in the first place but a bug like this is a pretty huge one to miss. A fix will be coming through this week, hopefully no other major privacy issues pop up after that. 

The post Apple apologises for Group FaceTime eavesdropping bug, fix is now rolling out first appeared on KitGuru.]]>
https://www.kitguru.net/lifestyle/mobile/apple/matthew-wilson/apple-takes-facetime-group-calling-offline-following-eavesdropping-bug/feed/ 0