New York Investigating Apple’s Response to FaceTime Spying Bug

New York authorities have announced the launch of an investigation into the recently disclosed FaceTime vulnerability that can be exploited to spy on users. The probe focuses on Apple’s failure to warn customers and the company’s slow response.

Videos and posts describing the flaw started making the rounds earlier this week on social media websites. The mother of a 14-year-old from Arizona claimed her son had identified the bug and that they had attempted to inform Apple more than 10 days before details of the hack became public. She claimed the tech giant ignored their responsible disclosure attempts, which included calls, messages on social media, emails and even faxes.

The vulnerability is easy to exploit and does not require any technical knowledge. The attacker simply calls the targeted user via FaceTime and then immediately initiates a group chat by using the “Add person” button from the bottom of the screen. If the attacker adds their own number to the group chat, the attacker starts hearing what the victim says even if the victim has not actually answered the call.

The victim continues to see the incoming call (i.e. the screen where they can accept or decline the call) and there is no indication that the person on the other end can hear them. Furthermore, if the victim presses the power button on their device, they give the attacker access to their camera as well.

The vulnerability appears to affect FaceTime on both iOS and macOS. Apple has promised to release a fix sometime this week and in the meantime it has suspended the Group FaceTime feature to prevent abuse.

The bug poses serious privacy concerns and New York Governor Andrew M. Cuomo and Attorney General Letitia James have decided to launch an investigation into Apple’s failure to warn customers and its slow response. The Department of State’s Division of Consumer Protection is accepting complaints from consumers as part of this investigation.

“In the wake of this egregious bug that put the privacy of New Yorkers at risk, I support this investigation by the Attorney General into this serious consumer rights issue and direct the Division of Consumer Protection to help in any way possible,” Governor Cuomo said. “We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again.”

Attorney General James commented, “This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years. My office will be conducting a thorough investigation into Apple’s response to the situation, and will evaluate the company’s actions in relation to the laws set forth by the State of New York. We must use every tool at our disposal to ensure that consumers are always protected.”

In another part of the United States, in Texas, a lawyer has filed a lawsuit against Apple claiming that the FaceTime vulnerability was exploited to record a client’s private deposition.

“Plaintiff was undergoing a private deposition with a client when this defective product breach allowed for the recording of a private deposition,” the complaint reads. “The Product was used for its intended purposes because Plaintiff updated their phone for the purpose of group Facetime calls but not unsolicited eavesdropping. Plaintiff suffered injuries.”

SecurityWeek has reached out to Apple for comment and will update this article if the company responds.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
