A newly discovered FaceTime bug enables callers to listen in on the recipient’s audio before they answer the phone, according to iPhone users who have been impacted by it. The bug presents a significant privacy issue, one call recipients may be unaware of as they contemplate whether or not to answer. Exploiting the bug requires only minor effort, and it appears that disabling FaceTime is the only protection against it.
Videos showing the exploit in action are making the rounds on Twitter and Reddit, where iPhone owners explain that they can listen in on the recipient’s phone audio before the recipient answers by adding themselves to the FaceTime call. Doing this turns the call into a group call, and the recipient’s audio becomes available even if they haven’t answered.
An iPhone owner can attempt to replicate the security bug by starting a FaceTime call with a contact, then, while the phone is ringing, swiping up on the screen and selecting “Add Person.” Add your own number in this menu, then start a group FaceTime call that includes yourself and the other person’s audio.
Though the recipient is still alerted to the call (there’s no way to stop it from ringing), that person has no way of knowing that the caller can hear what they’re saying. That makes this a major bug, particularly if the recipient doesn’t dismiss the call, but instead lets it ring while continuing to talk.
According to 9to5Mac, the issue was successfully replicated from an iPhone that was calling a Mac, which rings for a longer period of time, potentially exposing recipients’ audio for longer. At this point, disabling FaceTime or immediately dismissing FaceTime calls appears to be the only protection against snooping.
UPDATE: It turns out that the bug doesn’t only affect audio. Mashable discovered that it also lets callers see through the recipient’s FaceTime (front-facing) camera. Apple issued a statement to the site, saying that a fix will be coming later this week. For such a critical bug that doesn’t require the recipient’s interaction, that fix can’t come soon enough. Users might want to disable FaceTime until then.