Why it matters: Apple has discovered the problem that was causing Group FaceTime users to listen and peek in on each other. It appears to have been an issue with the FaceTime servers. Engineers have fixed the trouble and will issue a software update next week to re-enable Group FaceTime.
To recap: a few days ago Apple acknowledged a bug in iOS and Mojave that allows users to eavesdrop on others using Group FaceTime. Starting a Group FaceTime with someone and then adding your own number to the conversation causes that recipient's mic to activate without his or her knowledge. If they push the power button to silence the ring, it turns on the camera giving the caller a live video and audio feed.
The glitch was initially discovered by 14-year-old Grant Thompson and reported to Apple on or about January 22. However, Cupertino did not disable the app until January 29. In the interim, a lawyer taking a deposition from a client discovered he had been listened-in on thanks to the bug and is now suing Apple.
VIDEO: Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions. I've removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to. pic.twitter.com/YIBKXEP3mI— John H. Meyer (@BEASTMODE) January 29, 2019
Apple thanked the Thompsons in an emailed statement and clarified that it disabled the app once engineers could replicate the bug. It also apologized for the problem.
“We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously, and we are committed to continuing to earn the trust Apple customers place in us.”
The Thompsons felt a reward for discovering the bug was in order or at least a thank you.
“Apple should reward people for reporting things of this nature — not just reward the developers or the people who are savvy with tech,” she said. “I think just thanking him would be great.”
While Apple does have a bug bounty program, it does not appear that this particular glitch falls into any of the categories that pay. Furthermore, Motherboard noted in 2017 that Cupertino wasn’t paying researchers enough for high-value bugs. Instead, pro hunters were turning bounties into third-parties for better rewards. As a result, the program has struggled to get off the ground.
It appears a thank you to the Thompsons will have to suffice in this case.