Apple pushes fix for “FacePalm,” possibly its creepiest vulnerability ever

Bug in FaceTime Group feature allowed people to eavesdrop on users’ audio and video.

Apple has patched one of its creepiest vulnerabilities ever—a flaw in its FaceTime messenger app that made it possible for people to eavesdrop on audio and video captured by iPhones and Macs.

The bug in Group FaceTime, a feature that allows conference-call-style chats, made it trivial for someone to eavesdrop on someone else simply by initiating a FaceTime call, swiping up and choosing “add person,” and entering their own number to add themselves as a participant in a Group FaceTime call. While people on the receiving end would see a call was coming through, they would have no idea that the person trying to connect could already hear nearby audio and, in many cases, see video.

Apple security under the microscope

Privacy advocates and ordinary users were shocked when details of the eavesdropping vulnerability first broke 10 days ago. When it emerged that the bug was discovered by a 14-year-old and that Apple had failed to act following multiple emails sent by the teen’s mother, people demanded answers. Since then, New York Attorney General Letitia James has launched a probe into the incident, according to Reuters. Some critics now refer to the bug as FacePalm.

NYT: Chinese and Russian spies routinely eavesdrop on Trump’s iPhone calls

To the frustration of aides, the president has resisted pressure to use landlines.

An Apple iPhone lock screen is seen in this photo illustration on September 24, 2018. (credit: Jaap Arriens/NurPhoto via Getty Images)

Chinese and Russian spies routinely eavesdrop on personal phone calls President Trump makes on his iPhones, one of which is no different from the smartphone millions of other people use. The US president’s casual approach to electronic security has several current and former officials so frustrated they leaked the details to The New York Times, which reported on the phone interceptions Wednesday evening.

Trump, Wednesday’s article reported, has two official iPhones that have been altered by the National Security Agency to limit the types of hacks they’re susceptible to. The president has a third iPhone with no modifications that he uses as a personal device, because unlike the official iPhones, he can store personal contacts on it. What’s more, while Trump is supposed to swap out his two official phones every 30 days for new ones, he rarely does. Trump did agree to give up his Android phone, which most security experts believe is more vulnerable than Apple’s iOS, and Trump has also agreed to the more cumbersome arrangement of having the two official iPhones. One is for Twitter and other apps, while the other handles calls.

Still, when Trump uses the cell phones to call friends, Chinese spies often listen in hopes of gaining insights about how to influence him on the long-simmering issue of trade. Russian spies also routinely eavesdrop on Trump’s calls, although the Russian spies don’t appear to be running as sophisticated an influence campaign as their Chinese counterparts. Aides have repeatedly warned the president that cell phone calls are especially susceptible to monitoring by adversaries. The aides have pressured him to use landlines instead, but he has refused to give up his devices.
