Apple FaceTime bug prompts investigation from NY attorney general

The probe is focused on Apple's response to the eavesdropping vulnerability.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

The NY Attorney General's office is investigating Apple over its FaceTime bug.


Apple is now facing a formal investigation over its FaceTime eavesdropping bug.

New York Attorney General Letitia James announced the probe on Wednesday, saying Apple failed to warn people about the security flaw and didn't address the issue quickly.

Apple's FaceTime feature suffered from a security vulnerability through which callers could eavesdrop on recipients, even if the person receiving the call didn't pick up the phone. It worked by exploiting an issue with the Group FaceTime feature and adding a third person onto the call.

The tech giant said a fix would be coming soon and has disabled Group FaceTime until then. 

The investigation will focus on Apple's response to the FaceTime bug. The attorney general's office is accepting public complaints about the vulnerability on a hotline at 1-800-697-1220.

"New Yorkers shouldn't have to choose between their private communications and their privacy rights," James said in a statement. "This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years."

Watch this: You should disable Apple FaceTime now

Apple didn't respond to a request for comment about the investigation.

The bug became public knowledge on Monday after 9To5Mac reported it, but a mother in Arizona said she'd been trying to warn Apple for over a week before it was revealed to the world. Michele Thompson, an attorney in Arizona, said her 14-year-old son discovered the security flaw while trying to play Fortnite with his friends on Jan. 19.

Thompson said she'd reached out to Apple, including the company's product security team, multiple times after that -- by phone calls, emails, messages on Facebook and Twitter, and, at one point, a fax.

Group FaceTime has been available since late October, when Apple rolled out the feature on iOS 12.1. The feature lets up to 32 people join in on the same video call.

The investigation is also backed by New York Gov. Andrew Cuomo, who called the "egregious bug" a "serious consumer rights issue."

"We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again," Cuomo said in a statement. He warned consumers about the bug on Monday. 

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night. 

NASA turns 60: The space agency has taken humanity farther than anyone else, and it has plans to go further.