It was really only a matter of time. Given how big the Group FaceTime bug has been, it was inevitable Apple would be slapped with a lawsuit. And since that has already happened, the next step would be to put the company under the microscope off the US government. That has also just happened with a letter sent by the US House of Representatives Committee on Energy & Commerce questioning Apple on its response to such an egregious security exploit.
It’s not that Apple didn’t respond to the bug. Questions are now being raised on whether Apple actually knew about it before the news actually broke. Apple was apparently notified more than a week before, but its process for reporting bugs has made it extremely difficult to get the message across. Apple has already apologized to the Thompson family and promised to improve its bug reporting system.
That said, some have also questioned the way Apple has been trying to fix the bug. At first, it said it would roll out the fix in a week or so but received backlash for the delay. In order to prevent any other exploits, Apple shut down FaceTime until the fix could be distributed. Group FaceTime remains unavailable today and even if the patch has been made available, it is unknown if all users will be aware they need to update iOS immediately.
Now US lawmakers want to know the details of the bug, asking whether Apple was made aware of it by other customers or parties and what steps it took to identify and inform users whose privacy may have been already violated by the bug. More importantly, the committee wants to know if Apple knows of any other similar vulnerabilities related to unauthorized mic and camera recording.
Apple may be big on privacy but its secrecy on security issues may also be hindering that cause. Sometimes it takes a huge scandal for Apple to even notice something’s amiss but it is sometimes too late to take back data that was already stolen.