FaceTime bug allowed to overhear and spy on iPhone owners

Image buzzfeednews.com

Currently, social networks are widely discussed a significant problem found in the operation of the service of voice and video calls FaceTime. The error allows you to call anyone via FaceTime and immediately hear what is happening around the addressee’s phone, before the person at the other end accepted or rejected the incoming call. The exploitation of the vulnerability is based on the use of the group call feature.



How to exploit the FaceTime bug on the iPhone:

1. Start a FaceTime video call using the contact on the iPhone.
2. During a call, swipe up from the bottom of the screen and tap Add User.
3. Enter your own phone number on the Add User screen.
4. Then you initiate a FaceTime Group call, including yourself, and hear the audio from the person you originally called, even if he hasn’t received the call yet.
5. If the callee presses the power button from the lock screen, his video (imperceptibly for him) is also sent to the caller.

Also found another way to get video from the called party:

I just reproduced the problem - if you “join” the call using your invitation on another device (in this case, on another iPhone), you also get a video !!! Although the call is still ringing / not answered at the destination device.

Discussion of the problem on Twitter began on January 20, 2019, but developers began to take visible measures to resolve the situation until January 28.

Apple stated that the bug will be fixed by updating the software “later this week”. Apple also decided to disable group calls on FaceTime until the fix was released and reflected this on the page with accessibility status of all the company's services.



While the error is not fixed, FaceTime can be disabled in the settings.



The FaceTime group call feature was implemented in iOS 12.1, which was released on October 30 last year, and was actively promoted by Apple through TV commercials: