A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front facing camera of who they are calling even if the person does not answer the call.
To use this bug, a caller would FaceTime another person who has an iOS device and before the recipient answers, add themselves as an additional contact to Group FaceTime. This will cause the microphone of the person you are calling to turn on and allow the caller to listen to what is happening in the room. Even worse, if the person that is being called presses the power button to mute the FaceTime call, the front facing caSecuritymera would turn on as well.
BleepingComputer has tested and confirmed that this bug works in iOS 12.1.2 and we were able to hear and see the person. When testing it against an Apple Watch, though, we were not able to get the audio portion of the bug to work.
While it is not known who first discovered this bug, numerous people have been posting about it on social media and making video demonstrations as shown below.
When 9to5Mac first reported on the bug, they were only able to get the microphone snooping working. Later, BuzzFeed reported that they could also access the front facing camera and that Apple stated that they are “aware of this issue and we have identified a fix that will be released in a software update later this week.
Natalie Silvanovich, a Google Project Zero security researcher who has discovered numerous FaceTime issues in the past, has a theory as to how this could be happening.
For those who are rightfully concerned about this bug, my suggestion is that you disable FaceTime immediately until Apple releases a patch. Otherwise, people can not only listen in on what you are doing, but in some cases also see what you are doing. This could allow people to take compromising videos and audio without your knowledge.
To disable FaceTime you can follow these steps:
- Go into Settings
- Tap FaceTime
- Now toggle the FaceTime switch so that it is disabled and your screens looks like the following.
Now that FaceTime is disabled, callers will be unable to utilize this bug to listen and watch you without your permission through FaceTime.
Source: Bleeping Computer