Apple has acknowledged a flaw in its FaceTime software that allowed for brief eavesdropping even if the recipient did not pick up. In some cases, the target iPhone would send video, probably without the receiver’s knowledge. The flaw, first revealed by the 9to5Mac blog, appears to occur when both users are running version 12.1 of Apple’s mobile operating system, or newer.
According to the report, the bug lets people call anyone on FaceTime and listen to the audio coming from the person they’re calling even if the person has not accepted or rejected the call. Apple said it has developed a fix and the update would be rolled out this week. The technique involves using the software’s group chat function, apparently confusing the software into activating the target’s microphone, even if the call had not been accepted.
The 9to5Mac report states that it reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it claims that the bug could affect any pair of iOS devices running iOS 12.1 or later. The eavesdropping ends when the call is cut after too many rings.
The report also states that if the person being called presses the Power button from the lock screen, their video is also sent to the caller without them knowing.
“In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. It seems there are other ways of triggering the video feed eavesdrop too. We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration,” the report states.