Apparently, ever since Apple introduced group FaceTime messaging in iOS 12.1 at the end of October, they also introduced a HUGE security flaw for the last several months. This exploit, flaw, or hack, so speak, was just made publicly available just a couple of days ago.
If you were to start a FaceTime call to a contact on your phone you could access their microphone and their video camera without them accepting the call! Apple has disabled group FaceTime messages until they figure out where they went wrong in their code. All you had to do was call someone on FaceTime, no matter the device, and if they do not answer, simple “Add another user/contact” to the call (yourself) as a group FaceTime. By adding another user to the call (yourself) would trick their phone into answering/sharing their microphone and video camera with your phone.
The seemed to just connect the call because the 3rd person on the call already had an ongoing FaceTime request or call going; however, it seemed to bypass the part of the security of the phone but auto-answering for the user because they were already “talking” to the original or source caller even though the initial call request had not been allowed/authenticated yet. It just sounds like their logic in the group FaceTime did not follow the same functional security layers that a person to person FaceTime call normally would. This could be an easy fix for Apple or they may have to re-write a lot of their code until we see group FaceTime messages again, one thing is for sure, not a good move on Apple’s part.
In order to make sense of all this, check out the website below that contains a video to see an example of what I am talking about. You can try it yourself but it does not work anymore currently as Apple has disabled group FaceTime for the time being. If you are worried someone could do this to you still, feel free to disable FaceTime in your Settings app.
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, web design and much more. Give us a call for remote support or drop in to drop off.