According to The Wall Street Journal, a 14-year-old in Arizona discovered the same security flaw earlier this month while he was using FaceTime to set up a Fortnight gaming session with friends. According to the report the teenager’s mother, Michele Thompson, reported the bug to Apple, calling and faxing the company, and emailing with the security team days before news reports were published about the bug.
The mother and son also posted about the issue on social media but Thompson, a lawyer, said it was frustrating trying to get Apple’s attention.
According to NBC News, Thompson even registered as a developer with Apple so she could log a bug report. She had hoped her son could claim a “bug bounty”; money Apple pays to tipsters that alert them to issues before they become public.
However the report process required technical knowledge that only a developer would have, and Thompson’s attempts to contact Apple through its lawyers yielded no response. The bug eventually became public knowledge following the 9to5Mac article and a viral Twitter video posted by Benji Mobb, who used his moment in the sun to promote his line of custom t-shirts.
Apple has now disabled Group FaceTime until it fixes the issue.
Apple’s system status webpage, which lets users know whether an app or service has a problem, says that “Group FaceTime is temporarily unavailable.” The group video-calling feature was disabled at 2.16pm Tuesday, AEDT, and remains offline.
Users can disable FaceTime by going to settings, scrolling down to the FaceTime app and toggling it off.
The security lapse is especially significant because Apple markets itself as a consumer tech company dedicated to privacy and security. The company has also tried to distinguish itself from rival Silicon Valley tech giants by emphasising its commitment to excellence in hardware, in contrast to business models that rely on widespread data collection.
At this month’s CES, the annual consumer tech conference, Apple touted its commitment to privacy on a giant billboard in Las Vegas. “What happens on your iPhone stays on your iPhone,” said the massive ad, which spanned the height of a multistory building and was seen as a not-so-subtle dig at Google.
The discovery of the serious security problem came just a day before the company is scheduled to disclose its quarterly earnings. The timing may be especially trying for investors. Earlier this month, Apple CEO Tim Cook rattled stockholders and the broader stock market when he announced that company earnings would fall short of estimates, owing to a deep economic slowdown in China. That was the first time the company scaled back its quarterly sales estimates in more than 15 years.
Washington Post, with staff reporters