A serious privacy bug has been discovered in FaceTime for iOS and MacOS that allows remote eavesdropping on another persons iPhone or Mac, even if they don’t pick up and answer the FaceTime call. Essentially this means that anyone can remotely listen to the microphone of a targeted iPhone or Mac by a remarkably simple process.

 

 

 

 

Below we’ll show you how you can test and reproduce the FaceTime eavesdropping microphone bug yourself, and we’ll also show you how to protect yourself from the FaceTime remote microphone / video access bug by turning off FaceTime on Mac, iPhone, and iPad.

Note: it appears that only iOS and macOS versions that support Group FaceTime are impacted by this bug, thus anything earlier than iOS 12.1 or macOS 10.14.1 is likely not effected. Apple is also apparently aware of the bug and will be releasing security patches later in the week.

How to Reproduce FaceTime Eavesdropping Bug & Remotely Listen to iPhone or Mac

 

1. Start a FaceTime call with someone
2. While the FaceTime call is ringing, tap the three dots or swipe up from the bottom of the screen to access the Group FaceTime feature
3. Tap on “Add Person” and add your own phone number as the contact person to add to the FaceTime call
4. The recipients iPhone or Mac will begin transmitting audio to you, even if they don’t answer the call

Going further, if the target presses the Power button on their iPhone, apparently it will start transmitting video as well.

What a lovely security bug! Not really, this is exceptionally bad. So obviously the question is how to protect yourself, which for now means disabling FaceTime completely.

 

How to Protect from FaceTime Eavesdropping Bug

Currently you can protect yourself or impacted devices from the remote FaceTime eavesdropping microphone / video camera bug by turning off FaceTime on the impacted devices. Here’s how to do that on iPhone, iPad, and Mac.

 

How to Disable FaceTime on iPhone and iPad

• Open Settings on iPhone or iPad and go to “FaceTime”
• Toggle the setting for “FaceTime” to OFF

 

 

 

 

 

How to Disable FaceTime on Mac

• Open FaceTime, then pull down the ‘FaceTime’ menu and choose “Turn FaceTime Off”

 

 

 

 

 

High-security minded Mac users who had previously either installed OverSight to detect camera and microphone activity on their Mac or disabled the Mac FaceTime camera completely should also be immune from the bug, though it’s possible that audio transmission could occur in the latter scenario.

If you have recently received a FaceTime call that you didn’t answer and you are concerned you are being listened to or watched remotely, simple turn off FaceTime or reboot your iPhone, iPad, or Mac, and then turn off FaceTime.

As mentioned before, the remote eavesdropping microphone / video camera FaceTime bug appears to be related to the Group FaceTime feature which was introduced in iOS 12.1 for iPhone and iPad and macOS 10.14.1 for Mac. In testing, we were not able to reproduce the bug when trying to connect to iPhone, Mac, or iPad that were running earlier iOS or MacOS system software versions.

The bug was apparently first publicized on Snapchat and Twitter by user @bmmanski where a short casual video is demonstrating the remote microphone access, that video was later noticed by 9to5mac and other tech and mainstream press. It’s possible this security flaw was known by others before this, however.

According to Axios, Apple will be releasing an update later in the week to resolve the bug. Until then, you might want to consider disabling FaceTime on any impacted iPhone, iPad, Mac, iPod touch.