Apple has confirmed that it’s possible for a FaceTime caller to listen to the person on the other end of the call — and even see them — before they pick up. Making use of this newly-discovered bug requires actions someone isn’t likely to do accidentally, which is probably why It wasn’t noticed during testing.
UPDATE: Apple said this evening it will quickly fix this serious privacy flaw. In the mean time, it has also disabled its servers needed for Group FaceTime to function.
Someone can spy on you
The process requires calling someone, then manually adding yourself to the call. That will apparently start the call between yourself and yourself, with audio from the person you originally called already playing, even though that person has yet to answer.
And if the call recipient’s iPhone is active then their device is allegedly transmitting video too.
This is a bug in Group FaceTime, which was added in iOS 12.1 last fall. Here’s a video demonstration of the problem that was posted on Twitter:
— Benji Mobb™ (@BmManski) January 28, 2019
While this seems to be a serious FaceTime bug, it has a limitation. While someone can hear and possibly see the person they’re calling, the phone is ringing to attract the user’s attention.
Apple just told Reuters that it will have a patch out for this FaceTime bug very soon. The fix is promised before the end of this week.
While it works on this fix, Apple has turned off its Group FaceTime servers, which means this feature is now disabled for everyone.
How to manually disable FaceTime anyway
Nevertheless, it’s probably still a good idea to turn off video calling. Doing so is easy: go to Settings > FaceTime and slide the very first toggle to the left. It’s labeled simply “FaceTime.” The feature is then disabled.
People who still want to make iPhone video calls could ask friends and family to text ahead of time so they know to reactivate FaceTime for the duration of their call.
As discussed, Apple is working on a fix right now. It seemingly won’t wait for it to be part of iOS 12.2, which is in beta now. Instead, the company will apparently rush out a patch just for this bug.