A security flaw in Apple’s Facetime can turn the iPhone into an eavesdropping device. It will transmit a live feed from the device’s camera and microphone to the eavesdropper. The affected feature has been cut off for now.
A programming error in the conferencing feature of Apple’s Facetime software can effectively turn the smartphone into a bug – without the affected users noticing. The Facetime glitch allows an attacker to create a new group call where more users can be added.
According to Apple’s 9to5Mac, which initially reported the issue, creating this call is enough to gain access to a live feed of the microphone. An attacker would only need to add themselves to the Facetime-conversation to listen to the microphone. The camera can also be activated in this way without the affected user noticing. The signals are transmitted as long as the incoming call is displayed.
Apple announces patch later this week
Apple has deactivated this feature for the time being on Monday evening and wants to provide a patch later this week. Currently, users can only make one-one-one conversations in Facetime. The service is exclusively available to Apple users.
“Apple uses encryption for Facetime to secure the data connection,” says Tim Berghoff, G DATA Security Evangelist. “But in this case, the security measure does not protect against eavesdropping.” Users can currently only wait until Apple makes the update available. Since the vulnerable feature is turned off, there is currently no acute danger.
Experts consider Apple’s iOS to be significantly more secure than Google’s Android platform. The closed App Store in particular means that there is less malware. With the G DATA solution Mobile Internet Security iOS, users can protect their device against phishing attacks and fraudulent websites. In addition, a device can be located remotely in case of theft.