Group FaceTime Vulnerability Allows Eavesdropping on Calls

29 January 2019

A bug in Apple’s Group FaceTime feature, initially reported by 9to5Mac, allows callers to eavesdrop on a recipient. The bug affects any pair of iOS devices running iOS 12.1 or later and has also been shown to affect Macs which have been called by an iPhone.

Users can initiate a FaceTime video call with one of their contacts, and while the call is dialling, add themselves to a group chat. At this point, the audio from the recipient’s phone can be heard by the caller, even if the recipient has yet to answer. Further, there is no way for the recipient to know that their audio can be heard by the caller, as their phone appears to be ringing on the lock screen.

Continued research showed that if the recipient attempted to reject the call (by pressing the phone’s power button), their camera would activate and video would be sent to the caller. In this situation, it is slightly more obvious that something is wrong as the recipient can hear their own audio. It is not obvious, however, that a video feed is being sent back to the caller, as all that is visible on the iPhone screen is the answer or reject call buttons.

Clearly, this bug presents massive potential for violating the privacy of iOS and Mac users. Apple has vowed to quickly rectify the issue and has taken Group FaceTime offline until it does. Users should follow security best practice and install updates for iOS and Mac as soon as they are made available, so that they receive this fix in a timely manner.

For those still concerned, it is suggested that FaceTime be disabled altogether until a fix is released.

To do this, take the following steps:

  • Open the Settings app
  • Scroll to the FaceTime icon
  • Switch the button from green to grey to disable FaceTime.