A Teenager Tried To Warn Apple About It's Facetime Security Flaw, But Appears To Have Been Ignored
from the go-to-voicemail dept
By now, you've almost certainly heard about the latest big technology security flaw, in which Apple's FaceTime feature contains a bug that allows a caller using FaceTime to hear through the recipeient's phone while the call was still ringing. This obviously has all kinds of people all kinds of freaked out, since the bug essentially turns any iPhone into a short-burst surveillance bug. This has led some to opine that Apple, which has a fairly decent reputation from a privacy standpoint, is at risk of having that reputation torpedoed over this story.
And that might be all the more the case when the public discovers that Apple was informed of this bug by a teenager and his mother in the weeks running up to the press coverage of it, and did nothing about it.
The Wall Street Journal reports that Grant Thompson, from Tucson, was “setting up a FaceTime chat with friends ahead of a ‘Fortnite’ videogame-playing session when he stumbled on the bug”. It was then that Thompson noticed that he could hear audio from friends who had yet to join the call. Grant quickly told his mother, Michele, and the pair spent a week trying to contact Apple to warn them about the issue.
The WSJ say after some calls and faxes they “eventually traded a few emails” with Apple’s security team, but it wasn’t until reports of the bug blew up on Twitter that the decision was made to disable Group Facetime.
This apparently happened a week or so before this all exploded on Twitter and in the media. We've heard stories like this in the past, of course, but it always amazes me that tech companies aren't better about having a unified message across entire companies that staff should want to report this sort of thing up the hierarchy, and those high-ups should jump on addressing these reports both quickly and publicly. Imagine a world where Apple had lauded this teenager for informing the company about the bug and in which Apple had proactively disabled group FaceTime until the bug was resolved? Apple would have come out looking, once again, as though it were looking out for the privacy interests of its users.
Instead, it sure looks like the company was hoping to stick its head in the sand and pretend the bug didn't exist. Or, more charitably, perhaps the company thought it could simply do away with the bug quietly via an update with vague patchlist notes. Either way, it's not a great look.
Filed Under: facetime, grant thompson, security, security disclosure, warning
Companies: apple
