Lawmakers have questions for Apple about FaceTime eavesdropping bug

Congress members say they're "deeply troubled" by reports about the vulnerability.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Congressional lawmakers want answers about FaceTime's eavesdropping bug.

César Salza / CNET

Congressional lawmakers sent a letter Tuesday to Apple CEO Tim Cook asking for more information about a FaceTime bug that allowed users to eavesdrop on each other.

The letter -- penned by Rep. Frank Pallone Jr. (D-N.J.), chairman of the House Energy and Commerce Committee, and Rep. Jan Schakowsky (D-Ill.), chairwoman of the Consumer Protection and Commerce Subcommittee -- said they're "deeply troubled" by reports that the vulnerability could inadvertently or intentionally turn any Apple device into a listening device.

"We are writing to better understand when Apple first learned of this security flaw, the extent to which the flaw has compromised consumers' privacy, and whether there are other undisclosed bugs that currently exist and have not been addressed," the letter said (PDF).

The bug, revealed in late January, is a black eye for a company that prides itself on its efforts to protect its users' information. Cook has advocated for more privacy regulation and taken subtle shots at companies that use people's data to create personalized ads.

The vulnerability allowed FaceTime users to call another device and hear audio on the other end before the recipient answered the call and without the other user's knowledge. Apple said Friday it'd fixed the vulnerability on its servers and that it would issue a software update to re-enable Group FaceTime sometime this week.

"As a first step, we believe it is important for Apple to be transparent about its investigation into the Group FaceTime vulnerability and the steps it is taking to protect consumers' privacy," Pallone and Schakowsky wrote. "To date, we do not believe Apple has been as transparent as this serious issue requires."  

The letter requests specific information about when the company first learned of the vulnerability and a timeline for Apple's response, including why it took so long to address the bug once it was identified. They also have questions about testing procedures and what the company is doing for those consumers who may have been affected by the bug.

 Apple didn't immediately respond to a request for comment.

Privacy fight: Apple restores Facebook's permission to run internal apps

The return of the iPhone SE: The phone's available in the box, not as a refurb.