The FaceTime security flaw that has just been publicly revealed had been reported to Apple a week earlier. The firm's security department nevertheless seems to have ignored the warnings.
A FaceTime bug has just been made public. It allows a caller to use the application to listen in on the person being called, even if that person does not answer the call. This is a relatively serious security flaw, although it still requires that the victim not notice that their phone is ringing, which can happen to those who are in the habit of silencing their smartphone.
Apple responded quickly by disabling the ability to make group calls with the app. Quickly? Maybe not so much! Indeed, a lawyer named Michele Thomson had reported this security flaw to Apple on January 22, a week earlier. The report was made via an email sent to firstname.lastname@example.org, which is the procedure the firm itself recommends when a security flaw is discovered.
Receiving no answer, Mrs. Thomson repeated her warnings, with another email sent on January 25 and also faxes. "I did my best to bring them back [this flaw], and they did not listen," she told CNet. She even tweeted at Tim Cook directly before changing her mind and deleting the message shortly thereafter.
Although she is a lawyer, accustomed to long and perfectly orchestrated administrative procedures, Michele Thomson described the procedure for reporting a security flaw to Apple as "exhausting and exasperating."
During this procedure, Apple did respond to the lawyer's emails, only to redirect her to Apple's online bug tracker, a procedure that requires registering for a "developer" account.
Here is the official bug report to Apple. Note that the mom self-describes as "not at all techy" and was baffled that Apple Support asked her, an average citizen, to sign up for an Apple developer account to then submit an official bug report, in order to be taken seriously pic.twitter.com/PWdrsych5t
– John H. Meyer (@BEASTMODE) January 29, 2019
The flaw discovered by a teenager
Michele Thomson says the security flaw was actually discovered by her 14-year-old son. He encountered this bug while trying to create a group discussion with his friends so that they could coordinate as a group during a game of Fortnite.
Victor Chebyshev, a security researcher at Kaspersky, points out that "today's software includes so many lines of code that it's almost impossible to guarantee 100% freedom from bugs, and software vendors trust cybersecurity experts to help them discover and repair such bugs before they can be exploited by malicious people." Unfortunately, not everyone is an expert, and Apple should also listen more attentively to its users.