With the US government spying on their citizens, and the hacker threat rising, it seems like the user have no privacy these days. Moreover, when the FaceTime bug surfaced, it became clear that there’s no way for a modern-day person to be 100% protected online. For a couple of months, FaceTime callers could eavesdrop on people they were calling whether they accepted the call or not.
This issue raised many concerns on the highest level. The members of the United States HREC (House of Representatives’ Energy and Commerce) officially sent Tim Cook, the company’s SEO, a letter, demanding a detailed answer on a number of concerns (they had six questions in total). The bug was called a significant privacy violation.
Thankfully, the bug was fixed recently – the fix for iOS that eliminated the problem was released on the 7th of February. You can read more about it here. It successfully re-introduced group calls and eliminated the flaw. To update your OS, go Settings – General – Software Update. Tap on Download and wait for the automatic installation to finish. The update is available for the iPad, iPhone, and iPod Touch.
While fixing the Apple FaceTime bug, the staff found another serious vulnerability (this time, in the Live Photo feature). Since then, this feature hasn’t been available on the older versions of MacOS and iOS. If you want to use it, you’ll need to update to 10.14.3 (MacOS) and 12.1.4 (iOS).
How Did the FaceTime Bug Work?
To put it simply, it made the app transmit audio and video content to a caller even when the other side never picked up the phone. The bug was triggered whenever a 3rd user was added to the FaceTime call. Yes, it didn’t take an experienced hacker or an under-the-radar government agency to do this: elementary-school kids could take advantage of the FaceTime bug.
When Apple finally acknowledged the problem, they turned the group-chatting feature in FaceTime off and then developed a fix. As mentioned, group-chatting is available again, and no hacker will be able to access your personal audio/video content anymore. However, the question still stands: why didn’t Apple find this bug on its own, and why did it have to wait for so long to come up with an update?
Why Did It Take So Long for Apple to Release an Update?
It’s important to note that the source code for Apple’s OS is never publicly available, meaning only their staff has access to it (and only they can fix any bugs). The flaw was discovered by a 14-year-old teenager who was playing Fortnite and could hear what his friends were saying.
This raises a number of questions. First, why couldn’t the biggest tech company’s engineers and developers detect this bug before? How could they miss it? Maybe it was an unhappy employee who wanted to harm the company by implementing the bug into FaceTime? Or was it just a mistake that the most influential tech giant missed?
Finally, why did it take them as much as 10 days to respond to the numerous messages that the kid’s mom sent them? Maybe they just never saw them or didn’t pay enough attention. The good news is – they rewarded Grant Thompson and his mother and apologized to their international community for taking so long to fix their own flaw.
Apple has a Bug Bounty program: it encourages people from all around the globe to reveal software bugs and get monetary rewards for their actions. The bug originated on the 30th of October (2018) with the 12.1 iOS update that introduced Group FaceTime. It’s still hard to believe that a flaw like this one had been undetected for several months in a row.
While Apple doesn’t share its code with anyone, many companies/organizations follow the open-source policy and let independent third parties test it out and reveal any possible issues. Over time, this policy proved to be effective and has helped in several cases. It’s a mystery why Apple doesn’t want to do the same and take all the help it can get.
\Should You Feel Concerned About Using iOS?
The short answer is “No.” Apple is known for spending significant amounts of money, time, and resources on making sure the OS is secure and private. As we learned today, iOS is not a perfectly-safe operating system. With that said, the FaceTime bug is just an exception to the rule, rather than a regular thing.
How iPhone Users Can Protect Their Privacy?
Users that put privacy and security first should consider using a Virtual Private Network that will encrypt all your data. There are dozens of decent offers on the market, and the best VPNs for iPhone will ensure your safety online.
Even a free VPN can keep you safe while using the Internet, but we highly recommend choosing a commercial product. The reason – most free services come with numerous limitations, and some of them are known to spy on users. Thanks to the ever-rising competition, the most expensive VPNs won’t cost you much, especially if you commit to a yearly subscription plan.
Here’s a short list of things that you can also do to protect your privacy:
1 – Remove Unprotected Widgets. While it’s convenient to access those without typing your password, security-wise, this is a huge flaw. Just swap right (on the lock screen), choose Edit and delete any unwanted widgets.
2 – Use A Stronger Passcode. It should be long (longer than 6 digits) and consist of numbers and letters. To change it, go Settings – Touch ID & Passcode – Turn Passcode On – Options – CAC (Custom Alphanumeric Code). Next, come up with a more secure code and enter it.
3 – Turn Two-factor Authentication On. Even the most sophisticated passcode can be hacked. With 2-factor authentication, you’ll be able to protect yourself further. To enable it, go Settings – Your Apple ID – Password & Security. Once you enter your unique ID password and turn the feature on, your account will become much more secure.
Apple has a near-perfect reputation, but security flaws like the iPhone FaceTime bug are casting a huge shadow on it. While they did, eventually, fix it, we still can’t understand why they had to wait for 10 days to do that. Overall, iOS is a very secure operating system, but, as mentioned, if you want to be in control of your privacy, it’s highly recommended to follow best security practices to feel safe.