Group FaceTime is not secure

Apple disables FaceTime Group Call

Apple vulnerability alert: Apple has suspended its group FaceTime facility for the time being. This is due to a security hole that can turn your iPhone into a listening bug.

Find with us, what it is all about and how you can protect yourself.

Group FaceTime unsafe due to security vulnerability

It was not until the end of October 2018 that Apple introduced FaceTime group calls with the release of iOS 12.1. This feature allows you to make simultaneous video or audio calls to up to 32 people via FaceTime conferencing. The FaceTime group call is secured just like a normal FaceTime chat with end-to-end encryption.

But apparently this security is not enough. Thanks to a serious security hole in the software, the FaceTime conference function is insecure and, in the worst case, can turn your iPhone into a listening bug. The vulnerability allows attackers to remotely activate the microphone of iPhones and Macs and listen to conversations you have over group FaceTime – without the person you are talking to even picking up the phone.

It was not until October 2018 that Apple introduced Group FaceTime calls. (Picture: Screenshot / Apple)

It was not until October 2018 that Apple introduced Group FaceTime calls. (Picture: Screenshot / Apple)

Vulnerability affects FaceTime on iPhone and Mac

FaceTime with multiple callers works on both iPhone and iPad as well as on the Mac. But no matter which device you use, the vulnerability affects all Apple devices that allow FaceTime group calls. Attackers are able to remotely activate your Mac or smartphone microphone.

You do not even have to answer a FaceTime group call, as a report from David Reid describes. It’s enough to add your number to the FaceTime conference when you make a call. The security vulnerability then ensures that the microphone is immediately activated on the called party’s device. This works for both audio and video calls. With the latter, video transmission starts even if you reject the call.

Apple Responds to Group FaceTime vulnerability

Apple has already responded to the FaceTime group call vulnerability. To prevent attackers from exploiting the vulnerability, Apple first disabled the group FaceTime feature on Monday night. Apple’s developers are also working on a software update that will plug the vulnerability and be released this week.

By the way, this is not the first serious security hole with FaceTime calls. Last week saw the release of the new iOS version iOS 12.1.3, where the focus was on security updates for FaceTime.

How can you protect yourself from the vulnerability

Apple’s deactivation of the FaceTime conference is an important protection step in view of the security gap. However, with a few tips, you can better protect yourself from an attack via a FaceTime call. It is advisable to deactivate FaceTime completely on your Apple devices for the time being. On the iPhone or iPad, go to the “FaceTime” menu item in the settings and set the slider to “Off”. On the Mac, you can switch off FaceTime calls directly in the FaceTime application.

7th Feb 2019

Recent Posts