The terrible FaceTime bug that made news headlines within a day in January this year fired up the internet with warnings, requests and advice, so much so that Apple had to disable Group FaceTime completely until the company came up with a fix. A week later, on Feb 7, Apple released an update fixing the FaceTime issue. Let's look into the history and details of the most crucial setback Apple came across.
What was the bug?
The bug, CVE-2019-6223, affected Apple's FaceTime. In a few steps, it allowed callers to activate the microphone, and the camera as well, of any person they called via FaceTime, and to listen in without the recipient actually accepting the incoming call. The issue was discovered by 14-year-old Grant Thompson. Apple, though, says that Daven Morris of Arlington, Texas, spotted it as well and reported it to Apple on 19 Jan 2019. It was initially reported publicly by a user named Benji Mobb on Twitter, and then 9to5Mac reported it along with the steps by which a caller could tap into the recipient's microphone. Reports by The Verge said that even if the recipient tries to end the call by tapping the power button, this shuts off the audio but the video is still visible to the caller. It amounted to a huge privacy concern for obvious reasons. It's scary to realize that anyone can call us and jump into our space with just a few steps.
How did Apple respond initially?
Apple addressed the issue on 28 January and released a statement on 2nd Feb which said, “We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete the process.” During the same week, Apple’s spokesperson told CNBC, “We are aware of this issue and we have identified a fix that will be released in a software update later this week.”
Along with the software update iOS 12.1.4 on Thursday, Feb 7, Apple released a statement: “Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.”
The update: iOS 12.1.4
The cause: As per the details of the update released by Apple, the bug stemmed from a "logic issue" in FaceTime's group calling feature. This feature came along with the launch of iOS 12 at the end of last year, 2018. Group video and audio calls were among the highlight features of iOS 12.
The post also said that the issue was addressed with improved state management.
Availability: The update was available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
The company thanked the Thompson family for bringing such a big issue to its notice and rewarded them with compensation and educational support. But reports suggest that the teenager and his mother, Michele, struggled to get the company's attention when reporting the problem, until it went viral on the internet. As per the Associated Press, Michele Thompson stated, "There needs to be a better process for the average citizen to report things like this. And a timelier response."
Thomas Reed, director of Mac and mobile at the security firm Malwarebytes, said, “What concerns me is the fact that there’s evidence that this was reported to Apple beforehand. I know and respect the folks in Product Security, but I wonder if there was some resistance from higher up to shutting down the service.”
Wardle said, “Any software is going to have bugs. However, it seems inexcusable that Apple allows this and many other bugs to make it into production code. They clearly have the time and resources to perform sufficient quality and assurance testing, but often they choose usability and getting features to market over security and comprehensive testing. There have been other similar bugs where we are all left scratching our heads.”
Apple said in a statement on the matter, "We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible."