Craig Federighi, Apple’s senior vice president of Software Engineering, discussing Group FaceTime at the 2018 Apple Worldwide Developers Conference in San Francisco.
Photo: Marcio Jose Sanchez (AP)

A jaw-dropping flaw in Apple’s FaceTime software allows users to eavesdrop on others while a call is still ringing, according to 9to5Mac.

The bug works by simply dialing another user, then swiping up and inserting the originating number via the “Add Person” screen before the call is answered. FaceTime is apparently tricked into believing that a Group FaceTime conference call is occurring, and transmits audio from the recipient’s device whether or not they have accepted or rejected the call.

Gizmodo was able to replicate the bug in a matter of seconds simply by following those steps.

According to the Verge, this very serious security issue is compounded by another: While said “conference call” is happening, if the recipient hits the power or volume button to ignore the call, their device will start sending audio as well as video from its front-facing camera, again without any visual notification (though in this instance, it also activates the caller’s audio). That flaw was further confirmed by Mashable and BuzzFeed News, the latter of which noted that activating Do Not Disturb mode appears to at least block microphone access.

According to 9to5Mac, the issue is even more serious with Mac computers:

We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration.

Apple told BuzzFeed News in a statement that it is “aware of this issue and we have identified a fix that will be released in a software update later this week.” However, because it appears that any FaceTime user with a device that supports Group FaceTime (iOS 12.1/macOS Mojave 10.14.1 or later) could be streaming audio or video to anyone without their knowledge, and the steps required to do this are both trivial and currently making the rounds on the internet, everyone should absolutely disable FaceTime until Apple gets around to fixing this.

On an iOS device, simply navigate to the Settings application and switch the toggle on the FaceTime icon to gray. On a Mac, open the FaceTime app, then click FaceTime in the menu bar and select “Turn off FaceTime.”

Update: 1/28/2019 at 11:15 p.m. ET: According to Bloomberg’s Mark Gurman, it looks like Apple is in the process of disabling Group FaceTime features.

[9to5Mac/The Verge/BuzzFeed News]