Mother and son 'tried to warn Apple of bug'
- Published
A mother and son from Arizona tried to warn Apple about the eavesdropping FaceTime bug over a week ago.
The flaw, which gained attention on Monday, relates to the company鈥檚 FaceTime chat function.
Michele Thompson and her 14-year-old son made several attempts to warn the firm, but say they were mostly ignored.
鈥淪hort of smoke signals, I was trying every method that someone could use to get a hold of someone at Apple,鈥 Ms Thompson .
Apple has not yet commented, other than to say it will push a fix out to users in the coming days. In the meantime, the company has disabled the group calling function of FaceTime.
, Ms Thompson, a lawyer, started contacting Apple on 20 January. On the 25, she showing her and her son Grant demonstrating the flaw.
On Monday, as news of the bug finally gained widespread attention, Ms Thompson wrote: "I have letters, emails, tweets and msgs. sent to Apple for 10+ days reporting the Group FaceTime bug that lets someone listen in. My teenager discovered it! Never heard back from them.鈥
Her efforts also included using Apple鈥檚 support system to file a bug report.
"After several emails w/ Apple, they told me I could register as a developer to submit the bug report which I did (even though I鈥檓 the farthest thing from a developer),鈥 she wrote.
"Also emailed it directly to product-security@apple with full details."
'Bug bounty'
Apple, like many technology companies, has a 鈥渂ug bounty鈥 programme that pays people for finding new bugs in its products. Ms Thompson said she hoped her son would benefit.
"I would love for my 14-year-old to be rewarded for reporting this. Even a thanks would be amazing!鈥
The flaw, , appears to occur when both users are running version 12.1 of Apple's mobile operating system iOS, or newer. It also affects Mac users when they are called from an iPhone.
The technique involves using the software's group chat function, apparently confusing the software into activating the target's microphone, even if the call has not been accepted.
The eavesdropping ends when the call is cut after too many rings.
Kevin Beaumont, a security researcher, told the 大象传媒 that Apple is likely to deal with a large number of bug reports, which can take time to sort through and prioritise.
"Many companies typically aim for 90 days to resolve reported security issues, and much of that time can be spent reaching the right people and setting the right priorities.
"It appears the mother and son attempting to report this issue were passed around departments by Apple. That isn't ideal, and something Apple needs to work on."
- Published29 January 2019
- Published3 January 2019