Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Applications
    • Cybersecurity

    FaceTime Security Flaw Gives Apple a Black Eye: Analysts

    By
    TODD R. WEISS
    -
    January 30, 2019
    Share
    Facebook
    Twitter
    Linkedin
      software flaw

      Apple’s FaceTime video chat app remained out of service Wednesday morning after being temporarily disabled by the company Jan. 28 due to a security flaw that can enable a caller to hear audio from the receiver’s end before the call is accepted.

      That’s not supposed to happen, and not only is it an embarrassing and troubling error for Apple, but it is also a potentially serious threat to its consumer and business users, several mobile IT analysts told eWEEK.

      “This is a critical, show-stopping bug that directly impacts Apple’s reputation for maintaining user privacy,” said Avi Greengart, a mobile analyst with GlobalData. “Whatever impact the temporary shutdown has on consumers and businesses is swamped by the need for Apple to address this quickly.”

      Because FaceTime is generally more of a consumer product than an enterprise application, the security flaw involving the app is more of a personal security issue than something most businesses need to worry about, said Greengart. “Apple is also expected to fix the bug shortly, and FaceTime is hardly the only video calling app, so the outage should be a temporary inconvenience. But it does highlight the importance for IT of regular security updates for all communications software, not just operating systems.”

      Another analyst, Charles King of Pund-IT, said the flaw in the FaceTime code is particularly remarkable from both a design and implications standpoint because it doesn’t require any special skills to eavesdrop at will on other FaceTime users.

      Taking Advantage of the Flaw

      To make the flaw occur, a user calls another person with FaceTime and before the other person picks it up, the caller can then swipe up on their display screen and add their own number to the call as a Group FaceTime call. At that very moment, an active call will begin and FaceTime begins immediately sending audio from the receiver’s device, even though they have not yet accepted the call. Making the privacy breach worse, the person who is receiving the call has no indication that a call has begun or that FaceTime is transmitting any audio or video.

      “It’s obviously a serious issue for Apple, and a significant failure for the FaceTime developer team” to have a flaw that requires only a few simple actions to implement it, said King.

      That’s what makes it so worrisome, he added. “Potentially, the flaw could be used to listen in on private conversations and discussions of every sort, including those of competitors, customers and regulators. If the flaw were implemented on the iPhone of a board of directors meeting, the listener could be privy to a company’s deepest secrets.”

      The big questions are how long the flaw has existed and how many people actually knew about it prior to its exposure, said King. “I’m not sure that those facts will ever be known.”

      Turning Off FaceTime App Only Option for Now

      To prevent the issue from occurring until the vulnerability is fixed, about the only thing that users can do is turn off the FaceTime app on their devices, he said. “Other than that, it’s important for individuals and organizations to make certain their phones are regularly updated and that they use recommended security apps and tools.”

      Users can also opt for other video chat apps in the meantime to deal with the situation, said King.

      “It’s like something out of ‘Mission Impossible’ or another far-out espionage film,” he said. “That’s not to say that other serious phone security issues don’t exist. But the simplicity and potential impact of the Apple FaceTime flaw are uncommon in the extreme.”

      John Jackson, an analyst with IDC, told eWEEK that security flaws like this one are always tough for the companies that have to deal with and resolve them.

      “There’s never a good time for a company to have a third party expose a software bug that compromises customers’ privacy,” said Jackson. “The incident is clearly horrific PR that damages the brand, but I think in the end not by much. Apple’s customer satisfaction scores are consistently off the charts, so there’s plenty of goodwill in the bank and I think it would take more than this—as serious as it is—to materially impact them.”

      Once the issue is solved in the near future, it will likely be forgotten, said Jackson. “In the end, I think patches will be issued and this will go to the dustbin of history next to Antennagate,” when many Apple iPhone 4 handsets suffered from antenna issues in mid-2010 that resulted in poor call quality. Called Antennagate by late Apple CEO Steve Jobs at the time, the problem was the location of the antenna inside the devices, which was solved with an add-on thin rubber case.

      FaceTime is an integrated application that is included in Apple’s iOS mobile operating system as well as its macOS desktop operating system. Apple has stated that it is aware of the issue and is planning on releasing an update. Apple has also temporarily shut down its Group FaceTime service feature at the back-end server, to help further mitigate the risk. Additionally, until a formal patch is available, Apple users are advised to disable FaceTime on their devices.

      Apple did not respond immediately to an inquiry from eWEEK about the status of the FaceTime flaw and its ongoing repairs.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×