Mikey Campbell
Two members of the U.S. House of Representatives called on Apple CEO Tim Cook to answer questions about the company's FaceTime fiasco on Tuesday, saying they were "deeply troubled" by press reports detailing how long it took the company to address what is characterized as a privacy violation.
In a letter addressed to Cook, House Energy and Commerce Chairman Frank Pallone (D-NJ) and Representative Jan Schakowsky (D-IL) inquire about the origins of Apple's Group FaceTime bug and its impact on customer privacy. Pallone and Schakowsky also ask if there are other flaws in the videotelephony product that have not been disclosed to the public.
Citing smartphone usage statistics, with a heavy emphasis on distribution among children, the letter suggests Apple has not been transparent on what Pallone and Schakowsky deem a serious privacy issue. Apple has not been open about its investigation into the FaceTime vulnerability, nor has the company detailed steps being taken to protect consumers, the letter reads.
Last week, reports of a massive FaceTime flaw surfaced on Twitter. Impacting current versions of iOS up to the latest iOS 12.1, the bug enables a FaceTime caller to eavesdrop on another user before they pick up the call. In some cases, brief access to a receiving party's camera is also granted.
Apple disabled Group FaceTime in a server-side shutdown mere hours after the flaw was made public. A fix was promised to arrive last week, but was later delayed for inclusion in a software update this week.
While mainstream media outlets caught wind of the vulnerability last week, Apple was reportedly notified of the issue more than two weeks ago.
Grant Thompson, a 14-year-old from Tucson, Ariz., independently discovered the flaw during a "Fortnite" gaming session in late January. Thompson's mother Michele attempted to inform Apple about the bug over the ensuing week, going so far as to file bug reports with the company. Whether Thompson's reports were lodged through official channels is unknown.
Pallone and Schakowsky in their letter ask Apple to detail the timeline of events leading up to the discovery of the FaceTime flaw, what actions were taken to address the issue, what procedures were in place to safeguard against such vulnerabilities and how they failed, what safeguards are now in place as a result of the discovery and why it took Apple so long to respond to Thompson's bug report. The letter also requests information regarding steps taken to determine whether customer privacy was violated and, if so, whether the company intends to compensate users.
Apple is currently facing a lawsuit from Texas lawyer who claims an interloper leveraged the Group FaceTime bug to eavesdrop on a deposition, while a Montreal law firm filed a class action suit against Apple last week.
The letter from House Democrats arrives days after the announcement of a New York state probe into the matter.
Apple is asked to respond to Pallone and Schakowsky's questions in writing by Feb. 19.
AppleInsider Staff
Andrew Orr
Amber Neely
William Gallagher
Christine McKee
28 Comments
Honestly, I get that it’s a serious bug, but that’s all it is. How is it different from any of the other security flaws in PC’s/Macs/Androids/iphones/etc that are discovered on a regular basis? Except for the fact that Apple closed the hole by shutting down the server almost as soon as it was discovered.
It took a week after the kid's mom notified Apple about the thing for Apple to respond to the issue publicly.
I'm just saying.
Just a pile of stupid politicians posturing again for something they are totally clueless about. If the people who literally "tripped" over this bug, would have just been patient, everyone these days thinks that things happen instantly and they don't, Apple would have fixed it and it would not have been a big thing, and it really wasn't you had to intentionally add yourself to a multiple person FaceTime conversation, of which you were already in to do this, who does that?? ever....
Uhhhh, many people died from faulty GM ignitions and it took them like a decade to fix it and let's not even talk about the deaths and injuries associated with faulty air bags that are still in millions of cars in the US. A corporation this large cannot! move like some 1000 employee company where everyone drops everything. There are systems in place to ensure that something even worse doesn't occur in haste. Think of it like a false alarm in Hawaii where someone is pressing the launch button because we want to act quickly. Noooooooooooooo!