Apple FaceTime Bug: What it Did, the Lawsuit, and Larger Implications

By: Jordan Carrier

On January 19, 2019 an Arizona teenager discovered that Apple’s FaceTime app was experiencing a serious bug.[1] Grant Thompson called his friend through the video chatting software and was able to listen through his friend’s microphone before the call had been answered.[2] Thompson and his mother notified Apple of the glitch the following day, but the tech giant failed to respond to the issue until an article on the issue went viral days later.[3]

The software flaw could be taken advantage of by calling someone through FaceTime, then adding a second person to the call using the Group FaceTime feature apple rolled out with iOS 12.1 in October of 2018.[4] Before the first person answered the phone, or even if that individual never picked up, the caller could capture audio.[5] It was later discovered by users that while only audio was initially picked up, if the person being called pressed a volume button the front-facing camera would be activated, allowing the caller to both see and hear the recipient of the call, without that person ever actually answering the call.[6]

On January 28, nine days after Apple was initially notified of the bug, news about the FaceTime bug was picked up by major news outlets and articles sprang up giving iPhone users instructions on how to avoid being negatively impacted by the eavesdropping feature.[7] The same day, Apple took Group FaceTime offline to mitigate the impact of the bug and promised to release a software update to correct the problem within the week.[8]

The nine day lag in Apple’s response was too slow, and allowed the glitch to be taken advantage of. On January 28, 2019 Houston attorney Larry D. Williams II filed a lawsuit against Apple for product liability, negligence, warranty, and fraudulent misrepresentation.[9] Williams alleges that while he did not misuse his iPhone in any way, the FaceTime bug allowed an unknown person to eavesdrop on the sworn testimony of a client during a private deposition.[10]

Not only are the potential consequences for the bug troubling, the security concern, labeled “FacePalm” by security researchers, has raised concerns about what other bugs are slipping through Apple’s quality control.[11] Bugs like these are commonly sold to governments, defense contractors, and cyber criminals who weaponize them to obtain information from people’s devices.[12] The New York Times reports that brokers can potentially sell these bugs for millions of dollars, with the caveat that the seller not reveal the software flaw to the vendor so it will not be fixed in a timely manner.[13]

In 2016 Apple announced it would provide rewards to individuals who notified the company of potentially lucrative bugs through its “bug bounty” program.[14] In some cases this program can pay up to hundreds of thousands of dollars to researchers who report bugs to Apple.[15] At the beginning of February Apple announced it would pay Grant Thompson for reporting the problem through this payment program.[16] It is lucky for Apple that an honest teenager discovered the problem rather than a hacker looking to make more than Apple is willing to pay.

[1]See Nicole Perlroth, Apple was Slow to Act on FaceTime Bug that Allows Spying on iPhones, NYT (Jan. 29, 2019), https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html.

[2]See id.

[3]See id.

[4]See id; see also Shara Tibken, iOS 12.1 with Group FaceTime, New Emoji, Dual-SIM out now on iPhones and iPads, CNET, (Oct. 30, 2018), https://www.cnet.com/news/ios-12-1-group-facetime-new-emoji-dual-sim-out-now-on-iphones-and-ipads/.

[5]See Nicole Perlroth, Apple was Slow to Act on FaceTime Bug that Allows Spying on iPhones, NYT (Jan. 29, 2019), https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html.

[6]See Nicole Nguyen, A FaceTime Bug Allows You to Access Someone’s iPhone Camera and Microphone Before the Pick Up, Buzzfeed News, (Feb. 1, 2019), https://www.buzzfeednews.com/article/nicolenguyen/facetime-bug-iphone.

[7]See Todd Haselton, Apple FaceTime Bug Lets You Listen in on People you Call, Even if they Haven’t Picked Up Their iPhone, (Jan. 28, 2019), https://www.cnbc.com/2019/01/28/apple-facetime-bug-lets-you-listen-even-if-someone-doesnt-answer.html.

[8]See Nicole Perlroth, Apple was Slow to Act on FaceTime Bug that Allows Spying on iPhones, NYT (Jan. 29, 2019), https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html.

[9]See Laurel Brubaker Calkins, Apple Gets Sued Over FaceTime Bug that lets  People Eavesdrop, Bloomberg, (Jan. 29, 2019), https://www.bloomberg.com/news/articles/2019-01-30/apple-sued-by-lawyer-over-facetime-bug-eavesdropping-on-client; see also Mike Snider, Apple FaceTime Lawsuit, SCRIBD, (Jan. 28, 2019), https://www.scribd.com/document/398585118/Apple-FaceTime-Lawsuit#from_embed.

[10]See id.

[11]See Nicole Perlroth, Apple was Slow to Act on FaceTime Bug that Allows Spying on iPhones, NYT (Jan. 29, 2019), https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html.l

[12]Id.

[13]Id.

[14]See Robert McMillan, Apple to Reward Teen as it Patches FaceTime Bug, WSJ, (Feb. 7, 2019), https://www.wsj.com/articles/apple-to-reward-teen-as-it-patches-facetime-bug-11549572939.

[15]See id.

[16]See id.