Update: The update is out. iOS 12.1.4 addresses this bug as well as another security issue that Apple found while auditing the code for FaceTime.
On Monday night (January 28), talk of a serious Group FaceTime bug hit the internet in a big way.
If a would-be attacker used a specific set of steps that were not typical for a regular FaceTime call, they could activate the call recipient’s microphone on their iPhone (or, presumably, iPad) without them answering the call. There was an extra privacy concern that if the recipient of the call declined the request, their camera was mistakenly activated as well, even if the phone looked like it was asleep.
There is no indication this bug was exploited maliciously, and it appears to have been reported to Apple at least a week and a half before the explosion of attention on January 28. Moving quickly once this story went public, Apple shut off Group FaceTime (a new feature that was introduced with iOS 12 this fall), effectively blocking this exploit from being used. In all, the bug was active for about 2-3 hours with a large audience, as Apple presumably scrambled to find a way to quickly fix it.
Immediately, Apple put out a press release saying that a permanent fix for this bug would be coming later this week, and shutting off Group FaceTime has mitigated the problems associated with the bug until the fix is released.
Unfortunately, because the news is effectively entertainment now, the following evening (Tuesday) everyone from local news all the way up to late-night comedy shows talked breathlessly about the story, and at least from what I heard, none mentioned that the offending problem had been completely disabled until a proper fix is in place. In other words, the window when anybody at any scale could have been harmed by this was exceptionally small, only a few hours at most.
Now, though, the viral story of ‘Turn Off FaceTime’ will circulate for years, even though in my opinion it’s probably one of the very best ways for a group of Apple device users to communicate with audio/video, and even when the feature is fixed, there will be no news stories saying ‘You Can Turn FaceTime Back On Now’, even though after Monday evening, there was no need to turn it off.
There are a few big lessons I take away from this:
- Basically every news story is as well-researched as the one you know the intimate details about beforehand (not at all well-researched). Take them with a grain of salt.
- Every piece of software has bugs and flaws at some point in its development cycle. Obviously, big flashy bugs like this are a BIG deal, but it’s a reality of software that they will come up. The best thing you can do as a developer is to put systems in place to be able to deal with them quickly, and in my opinion, Apple’s ability to pull the plug on Group FaceTime without taking the entire system down is an example of good design.
- Don’t take your privacy for granted. People are going to see this story and turn off FaceTime because this was a huge privacy issue. However, I promise you that there are much bigger and more severe privacy violations going on at huge companies around the world right now, and because it is status quo, we all kind of just give them a pass. You should ‘audit’ the programs you use from time to time, and if you’re able, do some research on the privacy over-reaches of companies like Facebook. You’d be surprised the kinds of things they are caught doing on an ongoing basis, but it’s not a news story for some reason.
So, I didn’t turn FaceTime off, and unless something changes, I don’t think you need to either (if you didn’t already). If you’re paranoid about being watched/heard in your home, FaceTime is far from your biggest concern (this bug is no longer a risk as it stands today).
Humans are flawed, so it stands to reason that the software we create isn’t always perfect either. But writing off technology because of one viral news story is harmful to all of us, because the news can’t, and doesn’t, cover everything.
Please, don’t turn off FaceTime and vow never to trust it again because of this story. Your privacy is, and always will be, at risk, but that doesn’t make this particular piece of software the problem.
At the start of 2018, I celebrated my fifth year of service as a federal government employee. I’m a *very* different person than I was back in January of 2013 when I first started working at NSERC, and a big part of these changes relate directly to things I’ve learned working in government.
A part of me thinks it would be really nice if growing up, people had to spend (at least) a few weeks working in bureaucracy (just like how everybody would behave better in restaurants if they had to spend a few weeks waiting tables and washing dishes).
It seems (to me) like pretty much everybody complains about how long things take in government, and I’m definitely not saying that bureaucracy is as efficient and streamlined as it can possibly be. However, I do think that these things move slowly for a reason, and that learning to take your time and consider multiple viewpoints while completing work that affects people’s lives and livelihoods would keep everyone a little more humble and honest.
I’ve had the privilege of working on many different teams and projects in my time in the public service, and I definitely approach things now with far more consideration and patience than I used to. Work in government also gives some insight into just how complicated issues surrounding politics tend to be, and specifically how almost nothing is as simple as someone might tend to assume from the outside.
Politics has become extremely divisive in the last few years, and I think a lot of it has to do with the fact that people are used to hearing only one side of a story, as opposed to looking at the bigger picture from an objective perspective, and making up their own minds. There is also a sharp increase in personal attacks in politics, as opposed to ideological differences being respectfully debated.
Another piece of what I believe makes work as a public servant complicated is the changing ways we communicate and share information with each other. Through the news and social media, we’re all exposed to a pre-existing point of view on every possible issue, and these are not always presented objectively (this depends very highly on your preferred sources of news).
The effect of this, at least for the purposes of this line of thinking, is that we think we’re forming objective thoughts and opinions, but we’re often just internalizing biased talking points that don’t look at the whole story. We’re all guilty of this, and not just when we’re laughing along as late-night talk show hosts bash the current US President. One of the really handy things public service has taught me is to recognize where these biases are and to not get caught up in ridiculing the little things that go on in every social group (US executive administrations included).
It’s hard to say for sure whether I’ll spend the rest of my career in the public service, but I’ve loved the lessons I’ve learned so far, and the skills I’ve gained, and I’ve been able to manage my cynicism so far. One thing that helps with that aspect in particular is to focus your personal efforts to improve your workplace on the things that you can control, to realize that you won’t be happy with every single decision that gets made around you, and to pick your battles and limit the energy you exert on things that feel important but don’t actually serve any particularly useful improvement to the way things are.
Here’s to the next five years!