Serious FaceTime bug allows you to listen remotely before anyone answers -- Apple to fix 'later this week'

[InfoSec News <alerts () infosecnews org>]

https://www.theverge.com/2019/1/28/18201383/apple-facetime-bug-iphone-eavesdrop-listen-in-remote-call-security-issue

By Dieter Bohn
The Verge
Jan 28, 2019

There's a serious bug in Apple's FaceTime video calling platform that has been 
bouncing around some corners of social media today, and that 9to5Mac just 
alerted us to: you can call somebody via FaceTime and listen to their phone’s 
microphone regardless of whether the person you’re calling picks up.

Reached for comment, an Apple spokesperson said "We're aware of this issue and 
we have identified a fix that will be released in a software update later this 
week.:

The Verge has just independently confirmed that it works using two iPhones 
running 12.1.2 in our office. Here’s how it goes: you begin calling somebody 
via FaceTime Video from within the Phone app. Before that person picks up, you 
can swipe up to add your own phone number to the call. Once you've added 
yourself, FaceTime immediately seems to assume it's an active conference call 
and begins sending the audio of the person you’re calling, even though they 
haven’t yet picked up.

In other words, if you see your iPhone ringing with a FaceTime video call, it's 
possible that the person calling you could listen to your microphone before 
you've picked up. The bug requires you have an OS that supports Group FaceTime 
to work, of course.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_