Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Feeling vulnerable? Maybe turn off FaceTime until Apple confirms it has fixed this bug.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation – and even see through your iPhone’s front-facing camera – before you answer an incoming call.

Word spread quickly of the problem after a tweet went viral, with a demonstration of the privacy goof.

And it’s not complicated to do.

As 9 to 5 Mac reports, the technique is alarmingly easy:

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

9 to 5 Mac later confirmed that the flaw could also be used to expose video footage from the targeted phone’s front-facing camera.

Inevitably, some are likely to use the technique to prank their friends (it’s hard to tell whether this following NSFW video is a joke or not… but obviously it’s not cool or funny to prank your friends in this fashion)

iPhone FaceTime hack

Right now, it’s hard to tell just how serious this crappy bug is. It doesn’t feel like a way for – say – a state-sponsored attacker to open a persistent hot mic on a targeted phone in another nation’s government.

But I would still be deeply disturbed if someone was able to spy on me, even for a short while, without me noticing. It’s easy how it might also be used by jealous partners and obsessive stalkers to spy on the vulnerable.

And it’s clearly deeply embarrassing to Apple (which is attempting to pitch itself as one of the more privacy-conscious companies.)

The FaceTime privacy problem needs to be fixed, and pronto. If you’re concerned, consider disabling FaceTime entirely until a fix is forthcoming.

Interestingly, Apple appears to already be attempting to mitigate the problem. A visit to the company’s system status webpage reveals that Group Facetime is currently unavailable.

Facetime issue

Given the level of attention this bug is going to get from the media, my guess is that Apple will issue a fix to iOS 12 pretty darn quick.

Unfortunately it shouldn’t have needed media attention to get this problem on Apple’s radar. From the looks of things, the problem was brought to Apple’s attention by the parent of a 14-year-old boy who discovered it over 10 days ago. There was no response from Apple.

Expect a patch from Apple in the coming days. If not earlier.

For more discussion on this issue, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #113: 'FaceTime, Facebook, faceplant'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.