Apparently, ever since Apple introduced group FaceTime messaging in iOS 12.1 at the end of October, they also introduced a HUGE security flaw for the last several months. This exploit/flaw/hack so speak was just made publicly available just a couple of days ago.
If you were to start a FaceTime call to a contact on your phone you could access their microphone and their video camera without them accepting the call! Apple has disabled group FaceTime messages until they figure out where they went wrong in their code. All you had to do was call someone on FaceTime, no matter the device, and if they don’t answer, simple “Add another user/contact” to the call (yourself) as a group FaceTime. By adding another user to the call (yourself) would trick their phone into answering/sharing their microphone and video camera with your phone.
The seemed to just connect the call because the 3rd person on the call already had an ongoing FaceTime request/call going; however, it seemed to bypass the part of the security of the phone but auto-answering for the user because they were already “talking” to the original/source caller even though the initial call request had not been allowed/authenticated yet. It just sounds like their logic in the group FaceTime didn’t follow the same functional security layers that a person-to-person FaceTime call normally would. This could be an easy fix for Apple or they may have to re-write a lot of their code until we see group FaceTime messages again, one thing is for sure, not a good move on Apple’s part.
In order to make sense of all this, check out the website below that contains a video to see an example of what I’m talking about. You can try it yourself but it doesn’t work anymore currently as Apple has disabled group FaceTime for the time being. If you are worried someone could do this to you still, feel free to disable FaceTime in your Settings.app
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more. Give us a call for remote support or drop in to drop off.