Apple might pay 14-year-old who found eavesdropping bug on FaceTime

Updated on 03-Jun-2020
HIGHLIGHTS

Apple generally doesn’t count such a discovery as a “bug bounty” but could make an exception just this once and cough up.

Highlights:

  • Apple could reward 14-year-old who discovered the Group FaceTime bug
  • The bug allows callers to eavesdrop on other FaceTime users
  • Group FaceTime has been disabled and a fix to re-enable it will roll out only next week

 

Apple has apparently done quite a bit of firefighting in the last couple of weeks after a fourteen-year-old user from Tucson, Arizona reported a major flaw in Apple’s FaceTime app. The bug in question, for which a fix will be available only next week, allowed callers using Group FaceTime to eavesdrop on other FaceTime users when their call wasn’t answered. Since then, Apple has disabled Group FaceTime, publicly apologised to its users, and has been sued by the user’s mother. According a new report by CNBC, an Apple executive flew in to meet with the user and take feedback. The young user could receive a reward for his discovery.

According to CNBC’s report, the executive (who wasn’t named) flew in to Tucson to meet with the fourteen-year-old bug reporter, Grant Thompson and his mother, Michele Thompson and “thanked [them] in person and also asked for [their] feedback, asked [them] how they could improve their reporting process.” Michele Thompson went on to say, “They also indicated that Grant would be eligible for the bug bounty program. And we would hear from their security team the following week in terms of what that meant.”

As far as offering the young bug reporter a reward goes, Apple is clearly making an exception in this case because its “bug bounty” programme, according to 9to5Mac, generally works on an invite-only basis and is limited to specific categories of security flaws. For example, demonstrating an iCloud account attack or showing how iPhone apps are getting around the security architecture of iOS could merit a bounty but reporting minor bugs does not. Grant Thompson, on the other hand, will reportedly continue to use Apple products despite the Group FaceTime debacle because he believes Apple is still committed to protecting users’ privacy.

Apple introduced Group FaceTime in eligible iPhones, iPads, and iPods as part of iOS 12.1 back in October 2018. According to Apple, the feature allows a maximum of 32 users to participate in a group video call. Additionally, it can detect the current speaker in the call and highlight their feed. iOS 12.1 brought other features with it like ringless notifications, Group FaceTime integration in the Messages app, and a pack of seventy new emojis.

 

Related Read: Apple FaceTime bug lets you listen in on people even if they don't pick up the call

 

Vignesh Giridharan

Progressively identifies more with the term ‘legacy device’ as time marches on.

Connect On :