Apple has finally delivered a fix to its Group FaceTime bug that let users eavesdrop on others with an accidental workaround. But the real hero of this story is the 14-year-old kid who figured out that it existed, and whose mum reportedly used every imaginable method to reach the company and flag the security issue.
Apple evidently knows this too, and according to Reuters, the company plans to reward Grant Thompson with undisclosed compensation and an investment in his education.
Apple also “conducted a thorough security audit of the FaceTime service,” a spokesperson told Reuters. That audit, the company said in its iOS 12.1.4 release, turned up an issue with Live Photos as well. Both issues have been addressed with the update.
Apple temporarily disabled Group FaceTime after reports surfaced about the bug. Thompson said he figured out that he could essentially force a friend’s phone to pick up by dialling one person in FaceTime, and then swiping up and attempting to dial another person before the first one picked up. That instantly connected him with the first friend’s phone, even though they hadn’t actually answered the call.
It took over a week for his mum to get hold of the company, which raised concerns about how non-researcher types are supposed to reach Apple if they stumble upon an egregious security issue such as this one. According to Reuters, Apple’s planning to overhaul its systems to make it easier for normal folks to report problems.
In addition, a TechCrunch investigation this week revealed that some iOS apps were recording the in-app activity of their users through an analytics tool, a practice that Apple strictly forbids but that was happening anyway.
This all, of course, arrives weeks after Apple ran a billboard in Vegas claiming that whatever “happens on your iPhone, stays on your iPhone”. Which, yikes.
In any event, update your devices.