Update is out. iOS 12.1.4 fixes the bug as well as another security issue that Apple found while auditing the code for FaceTime. Group FaceTime has now been turned back on (for those on 12.1.4 or higher).
On Monday night (January 28), talk of a serious Group FaceTime bug hit the internet in a big way.
If a would-be attacker used a specific set of steps that were not typical for a regular FaceTime call, they could activate the call recipient’s microphone on their iPhone (or, presumably, iPad) without them answering the call. There was an extra privacy concern that if the recipient of the call declined the request, their camera was mistakenly activated as well, even if the phone looked like it was asleep.
There is no indication this bug was exploited maliciously, and it appears to have been reported to Apple at least a week and a half before the explosion of attention on January 28. Moving quickly once this story went public, Apple shut off Group FaceTime (a new feature that was introduced with iOS 12 this fall), effectively blocking this exploit from being used. In all, the bug was active for about 2-3 hours with a large audience, as Apple presumably scrambled to find a way to quickly fix it.
Immediately, Apple put out a press release saying that a permanent fix for this bug would be coming later this week, and that shutting off Group FaceTime has mitigated the problems associated with the bug until the fix is released.
Unfortunately, because the news is effectively entertainment now, the following evening (Tuesday), local news, all the way up to late-night comedy shows, all talked breathlessly about the story, and at least from what I heard, none mentioned that the offending problem has been completely disabled until a proper fix is in place. In other words, the window when anybody at any scale could have been harmed by this was exceptionally small, only a few hours at most.
Now, though, the viral story of ‘Turn Off FaceTime’ will circulate for years, even though in my opinion it’s probably one of the very best ways for a group of Apple device users to communicate with audio/video, and even when the feature is fixed, there will be no news stories saying ‘You Can Turn FaceTime Back On Now’, even though after Monday evening, there was no need to turn it off.
There are a few big lessons I take away from this:
- Basically every news story is as well-researched as the one you know the intimate details about beforehand (not at all well-researched). Take them with a grain of salt.
- Every piece of software has bugs and flaws at some point in its development cycle. Obviously, big flashy bugs like this are a BIG deal, but it’s a reality of software that they will come up. The best thing you can do as a developer is to put systems in place to be able to deal with them quickly, and in my opinion, Apple’s ability to pull the plug on Group FaceTime without taking the entire system down is an example of good design.
- Don’t take your privacy for granted. People are going to see this story and turn off FaceTime because this was a huge privacy issue. However, I promise you that there are much bigger and more severe privacy violations going on at huge companies around the world right now, and because it is status quo, we all kind of just give them a pass. You should ‘audit’ the programs you use from time to time, and if you’re able, do some research on the privacy over-reaches of companies like Facebook. You’d be surprised the kinds of things they are caught doing on an ongoing basis, but it’s not a news story for some reason.
So, I didn’t turn FaceTime off, and unless something changes, I don’t think you need to either (if you didn’t already). If you’re paranoid about being watched/heard in your home, FaceTime is far from your biggest concern (this bug is no longer a risk as it stands today).
Humans are flawed, so it stands to reason that the software we create isn’t always perfect either. But writing off technology because of one viral news story is harmful to all of us, because the news can’t, and doesn’t, cover everything.
Please, don’t turn off FaceTime and vow never to trust it again because of this story. Your privacy is, and always will be, at risk, but that doesn’t make this particular piece of software the problem.
Next week, I will be heading to Montreal, where I’ll be giving three different presentations to three different audiences in three different rooms. I’ll be bringing my laptop, my iPad, and my phone with me, any of which has the built-in capability to show a PowerPoint presentation. I’ve given these kinds of presentations before, and I’m not particularly nervous about the content of the talks.
However, there is something about this weekend that is causing me serious bouts of anxiety, and that’s showing the actual presentation. Like I said, I’ll be bringing 3 different computers to the conference, which connect to other display devices via Lightning adapter (iPhone and iPad) or mini DisplayPort (my MacBook Air) to DVI or VGA or even HDMI, or via screen sharing if there was an Apple TV/Chromecast(?) involved.
However, what I *don’t* know is what display technology will be available on the other end, connected to the projector. I am aware that many universities are starting to make sure projectors have connection options for Mac, which means one or more of these options may just be ready and waiting for me. But since I want to actually know at least one of these options WILL be available, does that mean I need to go and buy at least one adapter for VGA/DVI/HDMI just in case any of those is all the projector works with? Should I just buy an Apple TV for the weekend, hook it up, and share my screen to it (again, hoping the projector has an HDMI hookup)? The Apple TV method means I’ll also need access to a stable Wi-Fi connection to run the screen share, which isn’t always the case.
I’m very risk averse, but I also like to be prepared for any possibility when it comes to this kind of thing, but it feels like there should be a better way when it comes to giving presentations in an unfamiliar environment. Conferences are a VERY common thing, and it just seems like there’s no good way to do things consistently with so many moving parts.
Side note: don’t even get me started on using a secondary device as a remote to control the presentation. This technology has existed for a decade, but the only software integration that currently exists for PowerPoint is that a presentation on the iPhone can be controlled via the Apple Watch. It just feels like these kinds of things should be further along than they are.