A critical bug in Apple iOS allows Facetime users to access recipients’ microphone and front camera

• A bug in Apple iOS allows Facetime users to listen and watch the call recipients before the call is even picked up.
• Researchers confirmed that this bug exists in iOS 12.1.2 version.

Researchers uncovered a critical bug in Apple iOS devices that could allow Facetime users to access the microphone and front camera of who they are calling even if the call recipient does not answer the call.

The bug was first reported by 9to5Mac which stated that the bug could allow Facetime users to listen to the audio of the person they are calling even before the recipient accept the call. Later, Buzzfeed reported that this bug allows Facetime users to access the front camera as well.

How can the bug be exploited?

• To use this bug an iOS user should call a person via Facetime and should add themselves as an additional contact to Group Facetime before the recipient answers the call.
• By doing so, the microphone of the call recipient will be turned on and the caller can listen to what's happening in the room.
• Furthermore, if the recipient presses the power button to mute the Facetime call, the front camera will be enabled.

This means that the Facetime caller could listen and watch the recipient without their knowledge.

The bug exists in iOS 12.1.2

BleepingComputer tested this bug and confirmed that this bug exists in iOS 12.1.2 version. However, when the researchers tested this bug against Apple Watch, they were not able to get the microphone working.

A Google Project Zero security researcher Natalie Silvanovich explained the theory behind this bug in a tweet, “Theory: FaceTime stores call participants in a list that doesn't allow duplicates, and uses the indexes for signaling. When the caller is added a second time, the entry at index 1 is set to answer, with the expectation that it is the caller.”

Researchers’ recommendations

• Researchers suggest iOS users disable Facetime until Apple releases a fix to the issue as this bug could allow people to take compromising videos and audio without your knowledge.
• Once Facetime is disabled, Facetime users will not be able to abuse this bug to listen and watch users without permission.

However, Apple stated that they were aware of this issue and are working on the fix which will be released in a security update later this week.