One of the features that many Apple users were looking forward to in the iOS 12 update that landed in 2018 was Group FaceTime, which allows multiple users to chat and see each other at the same time. A severe bug in Group FaceTime has been discovered, and it had users understandably upset because it would allow anyone to call via FaceTime and hear what the person on the other end of the call was
The flaw was exploited by placing a FaceTime call and, before the person on the other end picked up, swiping up from the bottom of the screen and adding yourself to the call. That fooled FaceTime into thinking that the call was active, forcing the camera and microphone of the person you were calling to send data. Apple has promised that a fix for the bug would be issued in a patch this week. The flaw reportedly impacts any iPhone device running iOS 12.1 or later.
I just replicated the issue - on top of that, if you “join” the call using your invitation on another device (in this case another iPhone) you also get video!! Even though the call is still ringing / not answered on the destination device.
— Jessassin (@Jessassin) January 29, 2019
When the flaw was first made public, the only way to protect yourself from being exploited using the bug was to disable FaceTime altogether. Apple has now stepped in and done its part to mitigate the bug by disabling Group FaceTime for all users until the patch is issued. Before Group FaceTime was disabled, the user on the other end had no idea that audio, and potentially video, was being sent to the caller; all the victim saw was the accept or decline button on the screen.
For the victim's device to send video, the victim had to press the Power button from the lock screen, and when that button was pressed the user had no idea video was being sent to the person on the other end of the FaceTime call. Reports indicate that the same exploit could be used against a Mac if an iPhone calls the Mac, and since the Mac rings longer by default, the eavesdropping goes on longer.
(Top Image Courtesy Chris Velazco)