Ap­ple deal­ing with eaves­drop­ping bug

The Tribune (SLO) - - Espresso -

Ap­ple has dis­abled a group-chat func­tion in Face­Time af­ter users said a soft­ware bug could let callers ac­ti­vate an­other per­son’s mi­cro­phone re­motely.

With the bug, a Face­Time user call­ing an­other iPhone, iPad or Mac com­puter could hear au­dio – even if the re­ceiver did not ac­cept the call. The bug is trig­gered when callers add them­selves to the same call to launch a group chat. That makes Face­Time think the re­ceiver had ac­cepted the chat.

The bug, demon­strated through videos on­line, comes as an em­bar­rass­ment for a com­pany that is try­ing to dis­tin­guish it­self by stress­ing its com­mit­ment to users’ pri­vacy.

“This is a big hit to their brand,” said Dave Kennedy, CEO of Ohio-based se­cu­rity firm Trust­edSec. “There’s been a long pe­riod of time peo­ple could have used that to eavesdrop. These things def­i­nitely should be caught prior to ever be­ing re­leased.”

There is no longer a dan­ger from this par­tic­u­lar bug as Ap­ple dis­abled group chats, while reg­u­lar, one-on-one Face­Time re­mains avail­able.

NBC News re­ported Tues­day that the fam­ily of a 14-year-old high school stu­dent in Tuc­son, Ari­zona, tried to in­form Ap­ple about the bug more than a week be­fore it be­came widely known to the pub­lic. The boy, Grant Thompson, said he dis­cov­ered it by ac­ci­dent while play­ing the game Fort­nite with a friend.

It’s hard to know if any­one ex­ploited the bug ma­li­ciously, said Erka Koivunen, chief in­for­ma­tion se­cu­rity of­fi­cer for Fin­nish com­pany F-Se­cure. He said it would have been hard to use the bug to spy on some­one, as the phone would ring first – and it’s easy to iden­tify who called.

Ap­ple said Tues­day that a fix will come in a soft­ware up­date later this week. Ap­ple de­clined to say when it learned about the prob­lem.

Kennedy com­mended Ap­ple’s quick re­sponse this week fol­low­ing re­ports of the bug by tech blogs. He pre­dicted the rep­u­ta­tional dent could soon be for­got­ten if it doesn’t be­come part of a pat­tern.

“All bugs are ob­vi­ous in ret­ro­spect,” said Eva Galperin, direc­tor of cy­ber­se­cu­rity at the Elec­tronic Fron­tier Foun­da­tion. “The truth is bugs are sub­tle, code is com­pli­cated and some­times things get through.”

Galperin said Ap­ple should de­velop a bet­ter process for field­ing re­ports about po­ten­tial se­cu­rity flaws. She said the 14-year-old’s dis­cov­ery of the prob­lem “just tells us a lot about re­port­ing se­cu­rity bugs de­pends on know­ing the right per­son.”

Ap­ple had in­tro­duced the 32-per­son video con­fer­enc­ing fea­ture in Oc­to­ber for iPhones, iPads and Macs. Reg­u­lar Face­Time calls aren’t af­fected un­less the caller turns it into a group chat.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.