A major security bug has hit FaceTime, allowing users to snoop on other contacts using the group conferencing feature on FaceTime. The bug essentially allows a user to – call anyone, add themselves to the call, and listen to them via their microphone, regardless of whether the call has been answered. The bug was discovered earlier today and at the time of writing this article, Apple has temporarily disabled its group conferencing feature to avoid the bug from spreading and causing havoc.
Here’s how it works – you begin with calling someone on FaceTime and while the call is being answered/rejected, you swipe up from the bottom and add yourself to the call. In a way, creating a conference call. Once you have added yourself, FaceTime assumes it to be a group FaceTime call and starts sending the audio of the other person on the call, even though they haven’t accepted the call.
Instant wiretap:
Step 1. FaceTime your friend
Step 2. Add your own number to the callSpy away! pic.twitter.com/Tl9AsSP2aZ
— Brandon Arvanaghi (@arvanaghi) January 29, 2019
Things get worse when a person is added to a conference call and to avoid being listened to, they hit the power button or volume button to end or silence the call. As by doing so, they end up broadcasting not only the audio but the video as well. On top of that, if a person is signed-in to FaceTime with the same account on multiple devices, they end up being potentially more vulnerable to the bug.
Apple has said that it will be releasing a fix for the bug later this week. And though it has disabled the conferencing feature temporarily, it would be a safe bet to disable the FaceTime service altogether. To disable it on an iPhone – go into Settings > FaceTime, and turn it off; on a Mac – open FaceTime, go into Preferences, and uncheck ‘Enable this account’.