Apple FaceTime Spying Bug: What You Need to Know
Apple moved quickly last night to disable an embarrassing privacy flaw that let iPhone users spy on other iPhone and Mac users via Group FaceTime. The company promised a permanent fix later this week.
Until then, you may want to disable FaceTime just as a precaution. In iOS, the off switch is in Settings > FaceTime. In macOS, you have to open FaceTime, then select "Turn FaceTime Off" from the menu bar.
Somebody -- a teenager, according to one report -- discovered that if you made a FaceTime call from an iPhone running iOS 12.1 or later, then swiped up on the screen to add your own number to the call before the other party picked up, you could hear all the audio from the other phone's microphone even if the other person never answered.
The trick spread across social media Monday (Jan. 28), according to 9to5Mac, which first reported on the bug. The Verge was able to replicate the bug, and discovered that it transmitted video too if the recipient of the call pressed the power or the volume-down button -- as one might do to dismiss the call or, um, turn on the camera.
"We have identified a fix that will be released in a software update later this week," Apple told the Verge and Buzzfeed News in virtually identical statements.
We were able to confirm that the trick worked Monday evening by placing a FaceTime call from an iPhone SE to an iPhone 7. The audio came through from the 7 without it answering the call. When the power button was pressed, the video came through as well.
But about an hour later, Apple switched off the servers that make Group FaceTime possible. Apple's System Status page noted that as of 10:16 p.m. EST Monday, Group FaceTime was "temporarily unavailable."
We confirmed Tuesday morning that the trick no longer worked. Attempting to add yourself to a FaceTime call while the other party's phone rang resulted in an error message stating that the call had "failed."
On Monday, Twitter user Benji Mobb posted video of the trick in action. Both iPhones needed to be running iOS 12.1 or later, or macOS 10.14 Mojave. (Group FaceTime was added in iOS 12.1 and apparently is where the problem lies.)
Twitter user @tythegoddess tweeted about the bug at around noon Monday Eastern time.
"There's apparently a bug that allows people to still be able to talk to you even if you don't answer the call," she wrote. "Don't believe me? FaceTime someone and then add yourself to the call."
That may have been what got the ball rolling on social media, but a little-noticed tweet from more than a week earlier indicated that someone had already tried to notify Apple.
"My teen found a major security flaw in Apple's new iOS," wrote user @MGT7500 on Jan. 20. "He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport ... waiting to hear back to provide details. Scary stuff!"
A bug in Apple devices that let callers listen in on others' microphones without their knowledge has been disabled after political leaders, business leaders and a number of media reports put pressure on the tech giant as it works to permanently solve the issue.
The software problem, which lets users use the group chat function in FaceTime, call someone and then listen in on their conversations even if the other person did not pick up, was demonstrated through videos online and reported on this week by tech blogs. The bug was first confirmed by Bloomberg News and subsequently reported elsewhere, including Fox News.
"We're aware of this issue and we have identified a fix that will be released in a software update later this week," Apple said in a statement Tuesday.
Perhaps serendipitously, the issue occurred on Data Privacy Day, a cornerstone for Apple and a day when CEO Tim Cook tweeted about privacy, writing "the dangers are real and the consequences are too important."
Tim Cook✔@tim_cookWe must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.
Apple's online support page noted there was a technical issue with the application and that Group Facetime "is temporarily unavailable."
New York governor Andrew Cuomo issued a statement warning people about the bug and urging people to disable the app until Apple fixes the issue.
"The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk," Governor Cuomo said in the statement. "In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes. In light of this bug, I advise New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay."
Jack Dorsey, CEO of Twitter, a company that has also had its share of privacy issues in recent memory, called on users to disable FaceTime until Apple fixes the issue.
jack✔@jackDisable FaceTime for now until Apple fixes
Andy Baio✔@waxpancakeWant to see a really bad bug? You can FaceTime any iOS device running 12.1 and listen in remotely—WITHOUT THE OTHER PERSON ANSWERING THE CALL. (via @bzamayo) https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/ …
The FaceTime bug exists on iOS devices that have iOS 12.1 or later. To disable the FaceTime app temporarily, users can go to Settings, select FaceTime and then toggle it to off until a patch has been issued.
The issue comes at a critical juncture for Apple, which has been beset by slowing iPhone sales. Earlier this month, the company issued a rare update to its quarterly revenue projections, saying it would miss fiscal first-quarter estimates by as much as $9 billion, due in part to the Trump administration's trade war with China.
Apple's market cap declined approximately $75 billion in value, though that has since been recovered on hopes that the worst may be over for the tech giant.
Cupertino, Calif.-based Apple is set to report fiscal first-quarter results after the close of trading on Tuesday. Analysts surveyed by FactSet expect Apple to report $4.17 a share in earnings and roughly $84 billion in revenue.
Facebook is planning to integrate its three instant messaging apps, WhatsApp, Facebook Messenger, and Instagram’s direct message function, it has been revealed. The plans come from Mark Zuckerberg, Facebook’s CEO, himself, The New York Times reports.
The three apps have, historically-speaking, targeted different audiences, had different uses, and different structures. Zuckerberg even insisted when Facebook first acquired them that Instagram and WhatsApp would have a certain amount of autonomy from their new owners. Lately, certain functions have begun to appear in all three of them – Instagram stories and Facebook stories for example, and the equivalent WhatsApp status – but the underlying structure of the apps has remained different and distinct. Not for long, apparently. The change is expected between the end of the year and the beginning of the next.
Zuckerberg has said that while the three apps will continue to be standalone and separate, their technical infrastructure will be the same. This change will also allow users to message each other from any of the three apps without having to switch platform.
This move requires that every communication will be end-to-end encrypted, visible only to the users and no-one else. Currently, only WhatsApp provides that as a default option. Facebook messenger allows encryption only in secret conversations, which can be accessed from the app, but it's not the default. Instagram doesn’t have anything like it. So, this is good news for privacy but only if it is done properly. And given Facebook's track record, people have every right to be skeptical.
“[T]his move could potentially be good or bad for security/privacy," Matthew Green, associate professor of Computer Science at the Johns Hopkins Information Security Institute said in a Twitter thread about the plans. "But given recent history and financial motivations of Facebook, I wouldn’t bet my lunch money on “good”. Now is a great time to start moving important conversations off those services.”
There is also the matter of different registration requirements when it comes to different apps. You need your Facebook identity for messenger, an email for Instagram, and your phone number for WhatsApp. There are clear concerns how the metadata from the future interactions between users across the platform will be used by Facebook. Some people might not want to have their identities across these platforms unified and would rather opt out. It is unclear at this time what guarantees will be put in place to address these concerns.
This close integration is a significant U-turn on the way the three platforms have been run until today and many speculate it is part of the reason why both Instagram and WhatsApp's founders stepped down from their board positions at Facebook last year.
Phishing attacks are now considered the main source of data breaches.
91% of cyber attacks start with a phishing email *
Ten years ago, if you asked someone what ‘phishing’ was, they probably would have no idea. Since then, times have changed considerably; phishing attacks are now responsible for a significant number of major data breaches.
Phishing may have made its way into the mainstream vernacular, but there is still confusion about the subject—and rightfully so. Phishing attacks are becoming more sophisticated and targeted, and even the most tech- or security-savvy people can find themselves a victim. So, how do you make sure you don’t fall victim as well? Use this five-point checklist to closely examine the validity of incoming email. When in doubt, don’t click!
The SenderThis is your first clue that an email may not be legitimate. Do you know the sender? If not, treat the mail with suspicion, and don’t open any attachments until you verify with the purported sender that they meant to send them. If you believe you do know the sender, double check the actual email address. Often, a phishing email will be designed to look like it comes from a person you know, but there will be a slight variation in the address or they will spoof the envelope to show you a name you recognize.
The SubjectPay attention to subject lines! While something like, ‘Claim your ultimate deal now!,’ can be an obvious sign of a phishing email, the far more successful subject lines are the ones that don’t raise that much suspicion. ‘Account action required’, ‘Delivery status update’, or ‘Billing statement confirmation’ can all be ploys to weaken the email recipient’s defenses through seemingly ordinary alerts.
Remember, if something legitimate is that important, your bank, employer, doctor’s office, retailer, or credit card company will find an alternate way to contact you when you’re not responding over email. When in doubt, call to ask if they’ve sent you an email, but do not make that call to a number that was in the email message you are calling about!
Most clicked email phishing subject lines.
A delivery attempt was made (18%)
A UPS label delivery (16%)
Change of password required immediately (15%)
Unusual sign-in activity (9%)
The BodyThe body of the email can hold a whole new set of clues, including misspelled words and confusing context. For example, are you asked to verify a banking account or login to a financial institution that you don’t have an account with? Did you get an email from someone you may know that has nothing in it other than a short URL? Does the content apply to you or make sense based on recent conversations or events? Similarly, if it is a known contact, is there a reason they would be sending you this email?
Hackers can also use current or popular events to their advantage. For example, holiday shopping, tax season, and natural disaster or tragedy relief efforts are all used to sneak an unsuspecting phishing email into the inbox of thousands of targets. Did you know that the IRS reported a 400 percent increase in phishing scams for the 2016 tax season alone?
How will you know if an email is valid or not? This is where other email clues will come in handy!
The AttachmentsThe golden rule — do NOT open an attachment if any other aspect of the email seems suspicious. Attachments often carry malware and can infect your entire machine.
7.3% of successful phishing attacks used a link or an attachment**
The URLs Similar to attachments, do NOT click on a link if anything else about the email seems suspicious. This is usually the attacker’s ultimate goal in a phishing scam — lure users to a malicious site and trick them into entering login credentials or personal information, allowing the attacker full account access.
If you do click on a link, be sure to also verify the actual URL. Are you on Google.com or Go0gle.com? The variations can be slight, but they make all the difference! That said, be aware that a malicious site will not always be visibly reflected in the URL, and therefore you will not be able to tell the difference. If this is the case, most browsers have built-in phishing protection to alert you that something is wrong.
15% of individuals who fall for an initial phishing attack admit to falling for a phishing attack a second time.
By using these five email checkpoints, you will be more equipped to decipher a phishing email. However, some phishing attacks are so sophisticated that they can even fool the savviest of users. The good news is that there are technology solutions, such as two-factor authentication, that can help, and we strongly recommend 2FA
On November 26th, a security flaw in a U.S. Postal Service platform exposed data of more than 60 million users by allowing anyone logged-in to usps.com to query the system for user data. USPS has patched the flaw after repeated requests, according to Tech Crunch.
WHAT DATA WAS COMPROMISED?
User data exposed included usernames, user IDs, email addresses, account numbers, addresses, phone numbers, and real-time mail delivery data.
I HAVE A USPS ACCOUNT. WHAT DO I DO?
Officials are investigating the incident and it's unknown if impacted users will be contacted by USPS. However, we highly recommend that you:
•Closely monitor your accounts for any suspicious activity
•Turn on Dark Web Monitoring to receive real-time securiy alerts if your information is found where it doesn't belong
This fall, a major new update for iPhone and iPad is scheduled to arrive: iOS 12, the latest version of Apple's smartphone and tablet operating system software.
Its standout feature? A new way to turn your face into a living cartoon, called Memoji:
It's true! That grinning cartoon above is none other than Apple CEO Tim Cook.
But let's not kid ourselves — the stuff that will really impact your daily iPhone use is far more mundane. To that end, Apple is making some major strides in iOS 12 towards ease of use and convenience that are worth highlighting.
Here are the five most important changes and additions coming in iOS 12:
1. iOS 12 makes old iPhones faster.
There are plenty of new features coming in iOS 12 that are intended for the latest models of iPhone, such as the aforementioned Memoji.
But one huge feature that's aimed squarely at older iPhones is a major performance improvement. In testing thus far, according to Apple VP of software engineer Craig Federighi, iOS 12 makes older phones like the iPhone 6+ run far more quickly: 40% faster app launches, 50% faster keyboard opening, and a 70% improvement in opening the camera.
It's not sexy, but it's stuff like this that makes the user experience for most iPhone owners so, so much better. Apple is directly addressing the common complaint that each year, with each new iOS update, older iPhones get slower.
That iOS 12 will support iPhones going all the way back to the iPhone 5S is another subtle nod of acknowledgement to the tens of millions of people using older iPhone models.
2. The Notifications tray is getting a major update, smartly copying Android's best feature.
Ever slide down your notifications tray and find a mess of nonsense? That's most interactions with the notifications tray on iOS, unfortunately. One of the major arguments for using Android over iOS is how useful the notifications tray is in the former (and how poor it is in the latter).
Apple's seemingly addressing that disparity with iOS 12, finally adding support for grouped notifications in the notifications tray. All your text message notifications will be automatically bundled together, for instance, rather than showing each one individually. You can still tap in and see each one, or you could swipe left on the whole stack to clear them all at once.
It's a small but crucial change to daily iPhone use.
3. Customize your life with Siri Shortcuts.
Siri is kind of a mess in general use, but a new tool for Siri has a lot of promise. It's called "Shortcuts," and it essentially allows you to program a series of actions tied to a specific command phrase.
In the example Apple gives, an iPhone owner has set a shortcut to the phrase, "Heading home."
When Siri hears that phrase, it automatically enacts a series of actions:
— Retrieves directions home with the least traffic.
— Text messages the user's roommate to let her know she's on the way.
— Sets the home thermostat to 70 degrees and turns on a fan.
If you've ever used Automator on a Mac, Shortcuts will sound familiar — it's a way of setting up a sequence of actions that you perform frequently, tied to a single trigger. In the case of Siri Shortcuts, those triggers are whatever phrase you set. Pretty neat!
4. More control over how you use your phone, and more ways to monitor that use.
With Apple's introduction of the iPhone over 10 years ago, smartphones have taken over. It's easy to feel overwhelmed by the blurring of our digital lives with our real ones, and Apple's introducing some voluntary boundaries for those looking for space.
In iOS 12, you'll be able to set your own app limitations. It probably wouldn't hurt to limit yourself to less than an hour of social media use per day, right? That's the idea.
To that end, Apple is also adding activity usage reports. Even if you don't want to voluntary limit your app usage, perhaps seeing how much time you've spent scrolling through Facebook will convince you.
Additionally, iOS 12 is expanding out the concept of Do Not Disturb mode to a new Do Not Disturb During Bedtime mode. Instead of simply silencing your phone's ringer and vibrations, it will also withhold on-screen notifications.
5. FaceTime is getting support for up to 32 people at once!
You already know it and probably love it — the video calling service FaceTime is expanding out massively with support for up to 32 participants in iOS 12.
Moreover, you can bring your Memoji right into FaceTime. Become the stylized koala you've always wanted to be!
FaceTime with that many users means organization is key. To that end, whoever is speaking will show up as the largest square, and you can tap individual people to focus on them even if they're not speaking.
BONUS: A few important details about iOS 12 for iPhone/iPad users.
iOS 12 is the next major version of Apple's mobile operating system, which runs on iPhones and iPads. It costs nothing, and is expected to arrive this fall.
Apple hasn't given it an official release date, but the new version of iOS usually launches alongside the new iPhone in September. A developer preview of iOS 12 is available now for members of Apple's developer program, and a public beta is planned for later this month.
iOS 12 runs on the iPhone 5s and later, all iPad Air and iPad Pro models, iPad 5th generation, iPad 6th generation, iPad mini 2 and later and iPod touch 6th generation.
BONUS 2: Apple CarPlay is finally getting support for Google Maps and Waze in iOS 12 Finally:
Apple's CarPlay system will allow iPhone users to navigate using Google Maps and Waze. Finally!
Previously, CarPlay would only allow for Apple Maps. It's a small change, but a momentous one if you're anything like the millions of other people who prefer Google Maps to Apple Maps.
A few weeks ago we learned that a piece of sophisticated malware called VPNFilter infected more than 500,000 routers and other devices around the world. VPNFilter was spotted in some 54 countries, but an increase in activity in Ukraine suggested the malware was created by Russian intelligence looking to disrupt Ukraine either ahead of the Champions League final in late May, or before local celebrations in late June. The Kremlin denied any involvement in VPNFilter, of course. Since then, the FBI issued a warning to Internet users to restart their routers. Cisco’s Talos security team is now back with more details on VPNFilter which reveal the malware is even more dangerous and scary than we thought.
Thecomputerheale.com makes no claims about the efficacy of the information contained in the documents and related graphics published on this website for any purpose. All information, documents and graphics are provided "as is" without any kind of guarantee of effectiveness. Thecomputerhealer.com hereby disclaims all responsibility for the manner in which the information offered on this website is used by you.
In no event shall Thecomputerhealeronline.com be liable for any special, indirect or consequential damages or any damages whatsoever resulting from the loss of use, data or profits arising out of or in connection with the use or performance of information available from this website.
The documents and related graphics published on this website may include technical inaccuracies or typographical errors. Changes are periodically added to the information on this website. Thecomputerhealer.com reserves the right, at its discretion, to change or modify all or any part of this agreement and the content on website at any time, effective immediately upon publication of this notice.
Your continued use of this website constitutes your binding acceptance of these terms and conditions, including any changes or modifications made by Thecomputerhealer.com as permitted above. If, at any time, the terms and conditions of this agreement are no longer acceptable to you, you should immediately cease using this website.