“This poses a pretty big privacy problem as you can essentially listen in on any iOS user,” said Benjamin Mayo of 9to5Mac in the article that first exposed the glitch on Monday. “There is no indication on the recipient’s side that you could hear any of their audio. There’s a second part to this which can expose video too…”
The bug can run on any iPhone or iPad currently using iOS 12.1 or later (or PCs running macOS Mojave) which contains the Group FaceTime feature.
Here’s how it works: When you dial a contact’s number in the FaceTime app, swipe up from the bottom and tap “Add Person.” Then add your own phone number. The software now thinks you’re on a group call, and you’ll be able to hear audio from the other person’s microphone even if they don’t pick up.
Buzzfeed reported that the glitch can allow someone access to your front-facing camera, too. The site tested the bug for themselves and found that if a user presses a volume button during the incoming call, the caller can see live footage from their phone.
One Twitter user even shared a video showing exactly how simple it is to recreate the bug in a tweet that’s now going viral.
— Benji Mobb™ (@BmManski) January 28, 2019
Apple is aware of the issue, telling Buzzfeed that it will be fixed in a software security update coming later this week. The tech company has also temporarily disabled the Group FaceTime feature, according to its website.
In the meantime, however, Apple users should disable FaceTime on all devices. To do so on an iPhone or iPad, go to Settings > FaceTime and toggle the button off. On a Mac, open the FaceTime app and select “Turn FaceTime Off” at the top.