Apple didn't respond as quickly and seriously as they should have on that FaceTime bug (still not fixed!), because it came from a random Arizona 14 year old and his mom — that's the implication of a pretty damning tick-tock piece out today in the New York Times on the vulnerability report that set the internet on fire this week, and had everyone appropriately turning off Facetime on their Apple devices.
From the Times story by Nicole Perlroth:
On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple's video chatting software, he could eavesdrop on his friend's phone before his friend had even answered the call.
His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a "major security flaw" that exposed millions of iPhone users to eavesdropping. When she didn't hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple's security team, and posting to Twitter and Facebook. On Friday, Apple's product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.
But it wasn't until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral.
The bug, and Apple's slow response to patching it, have renewed concerns about the company's commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products. Hours before Apple's statement addressing the bug Monday, Tim Cook, the company's chief executive, tweeted that "we all must insist on action and reform for vital privacy protections."
"My fear is that this flaw could be used for nefarious purposes," Michele Thompson wrote in a letter to Apple reporting the FaceTime vulnerability now known as #FacePalm.
"Although this certainly raises privacy and security issues for private individuals," she wrote, "there is the potential that this could impact national security if, for example, government members were to fall victim to this eavesdropping flaw."
Read the entire piece at the New York Times:
Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones
We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.
— Tim Cook (@tim_cook) January 28, 2019