Those brokers then sell those bugs for ever higher sums to governments and intelligence and law enforcement agencies around the world. The FaceTime flaw, and other Apple bugs, can fetch tens of thousands, if not hundreds of thousands or even millions of dollars, from dozens of brokers. Thompson, there is a healthy market for bugs and the code to weaponize them, which allow governments, defense contractors and cybercriminals to invisibly spy on people’s devices without their knowledge, capturing everything from their locations to information caught on their microphones and cameras. Thompson noted that she and her son were just everyday citizens who believed they had uncovered a flaw that could undermine national security. In emails to Apple’s product security team, Ms. Thompson’s urgent warnings, or whether it intends to reward the teenager whose mother raced to alert the company to the bug in the first place.Ī bug this easy to exploit is every company’s worst security nightmare and every spy agency, cybercriminal and stalker’s dream. On Monday, Apple said it was aware of the issue and had “identified a fix that will be released in a software update later this week.”īut the company has not addressed how the flaw passed through quality assurance, why it was so slow to respond to Ms. “If these kinds of bugs are slipping through,” said Patrick Wardle, the co-founder of Digita Security, which focuses on Apple-related security, “you have to wonder if there are other problematic bugs that other hackers are exploiting that should have been caught.” Rarely is there a software flaw that grants such high-level remote access and is so easy to manipulate: By adding a second person to a group FaceTime call, you can capture the audio and video of the first person called before that person answers the phone, or even if the person never answers. The FaceTime problem has already been branded “FacePalm” by security researchers, who say Apple’s security team should have known better. Hours before Apple’s statement addressing the bug Monday, Tim Cook, the company’s chief executive, tweeted that “we all must insist on action and reform for vital privacy protections.” The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products. The company reacted after a separate developer reported the FaceTime flaw and it was written about on, a news site for Apple fans, in an article that went viral. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. Thompson, a lawyer, to set up a developer account to send a formal bug report.īut it wasn’t until Monday, more than a week after Ms. On Friday, Apple’s product security team encouraged Ms. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call. It's easy to think that this is a scramble to prevent people shifting their video communications to other, more platform agnostic, services such as Zoom.SAN FRANCISCO - On Jan. Must read: I just found my lost AirTag… you'll never guess where it went Well, it's taken over a decade, but later this year Windows and Android users will be able to join in the FaceTime fun… sort of.īut rather than a dedicated FaceTime app for different platforms, iPhone, iPad, and Mac users will be able to send a link to others to connect on FaceTime - even if they are using Android or Windows.Īnd Apple claims that there's no compromise when it comes to security or privacy.Īll they'll need is an updated version on Microsoft Edge or Google Chrome. Wind back to the WWDC 2010 keynote, when Steve Jobs was at the helm of Apple, he unveiled the FaceTime video communication system in one of those trademark "one more thing." If you have a long enough memory, you might also remember that Jobs promised that it would become an open standard.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |