Apple needs more FaceTime with its bug team

A major flaw in Apple’s FaceTime, a video-chatting app for iPhones and Macs, enables you to listen in and watch what the person you’ve just called is doing – even when the person hasn’t picked up the phone. The bug was discovered by a teenage boy in Arizona trying to simply chat with a friend on the app. Because it involves high-level features of the app, the microphone and camera, it is considered a major bug. Apple has not yet released a patch.

Moms are not prime sources of info for Apple

The boy’s mother also thought it was a big security issue. They made a video of the bug the following day and spent a week trying to tell Apple they had a major, major issue on their hands. Her Apple outreach included emails, faxes, and social media such as Twitter and Facebook. After several days, Apple suggested she set up a developer account and send them an official bug report. That’s not a very “customer-centric” attitude, especially toward a non-technically minded person. It was only after news of the bug was publicized in the IT press that Apple really got involved.

Don’t wait for Godot or an Apple

If you and a friend both have Macs or iPhones, this might be your golden opportunity to test-drive this gaping security bug on your own. You can first watch the video – reportedly made by the mother – for a proof of concept. Then check out the DIY descriptions written up in 9to5Mac or the Verge. Apple is reportedly working on some sort of a patch but there has been no word of when it could be released. In the meantime, FaceTime users have been advised to go to their devices’ settings and simply turn the app off.

Bugs are worth lots of money

Bugs can be worth phenomenal amounts of money – particularly ones in Apple’s iOS. Some have reportedly been sold for $2 million. Since this bug does leave evidence behind and information about it has been publicized, it’s not worth so much now. It’s not clear if or when this intrepid teenager – or his mom – will get a payoff. Apple does have a bug bounty system that can pay rewards of up to $200,000.

It’s a big question for Quality Assurance

The jury is out on whether the boy or his mom will get any payoff. In addition, someone else has sued, declaring that the flaw was misused. The bigger question, beyond a direct cash payout, is how such a big flaw in the app managed to get out of QA testing in the first place.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as providing reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.