A bug in FaceTime allowed you to eavesdrop and spy on iPhone owners

Image buzzfeednews.com

Currently, a significant problem has been widely discussed on social media found in FaceTime's voice and video calling service. The error allows you to call anyone through FaceTime, and immediately hear what is happening around the recipient’s phone, even before the person on the other end accepts or rejects the incoming call. The exploitation of the vulnerability is based on the use of group calls.



How to exploit FaceTime bug on iPhone:

1. Start a FaceTime video call using a contact on your iPhone.
2. During a call, swipe up from the bottom of the screen and tap Add User.
3. Enter your own phone number on the Add User screen.
4. You then initiate a FaceTime Group Call, including yourself, and hear audio from the person you originally called, even if you have not received the call.
5. If the called person presses the power button from the lock screen, his video (invisible to him) is also sent to the caller

Another method for receiving video from the called party was also discovered:

I just reproduced the problem - if you “join” the call using your invitation on another device (in this case, on another iPhone), you also get the video !!! Although the call is still ringing / not answered on the destination device.

The discussion of the problem on Twitter began on January 20, 2019, but the developers began to take visible measures to resolve the situation only on January 28.

Apple said the bug will be fixed by a software update “later this week.” Also, Apple Corporation decided to disconnect group calls in FaceTime until the patch was released and reflected it on the page with accessibility statuses of all the company's services.



Until the error is fixed, FaceTime can be disabled in the settings.



FaceTime group call feature was implemented in iOS 12.1, which was released on October 30 last year, and was actively promoted by Apple through television commercials: