This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY — Apple’s FaceTime bug seems a bit like something from a creepy sci-fi novel.
The bug allowed those using FaceTime to call another iPhone, iPad or Mac computer and hear audio on the receiver’s end — even if the receiver didn’t accept the call. The bug was triggered when callers added themselves to the same call to start a group chat, making FaceTime believe the receiver had accepted the call.
Once the bug was discovered and published on tech blogs, Apple disabled the group chat function and said a fix would be released in a software update later this week.
Rajeev Balasubramonian, a professor at the University of Utah’s School of Computing who specializes in security and privacy research, said this likely won’t be the last we see of bugs (or more sinister software engineering) that could present a breach of privacy.
While Balasubramonian believes Apple’s bug was not a malicious one (probably just a software developer — or team — that made a mistake while coding), the average user is at the mercy of both the competency and honesty of the app or device developers.
“Unfortunately, there’s no way to prove that these applications don’t have breaches," he said. "Any of these applications that access our microphone or camera, it’s entirely possible that there’s a backdoor error that causes people to have an ‘in.’ It’s also entirely possible that they could create an app that might be stealing information.”
Balasubramonian recommends two easy steps all tech users can take to ensure their privacy remains relatively intact:
Update your software
“Make sure you update your software regularly because people are finding these (bugs) in the background, and fixes are being done on a weekly basis. So updating your computer is probably the best advice that you can give,” he said.
Most devices and apps allow users to enable automatic updates so they don’t have to worry about manually updating them every time a new bug is fixed. Check out your app store and phone or computer settings to enable those automatic updates.
Be judicious about the permissions you give apps and devices
Have you ever opened an app and had a notification pop up, asking your permission to use the camera or microphone? Oftentimes, you have to reply “yes” if you want to use the functions of the app, but do you know what the implications are?
Balasubramonian recommends turning off those permissions after using the app.
“I don’t give permissions by default, and so if any app wants access to my location or my camera, I have to explicitly click a button to make that happen. I think that helps, but it’s, again, not foolproof because you may click ‘yes’ because that application absolutely needs the GPS, for example, but I have no idea what’s being done once the app knows exactly where I am. There could still be something malicious happening in the background.“
If you want to stop giving an app certain permissions after you’ve already agreed to do so, you can change those permissions by going to settings and clicking on “apps” or “privacy.”
If you click on a specific app in your settings, you can usually choose which permissions you want to allow and turn off camera, microphone or location permissions. You can also change how much of your information is given to advertisers under "privacy."
“It is one of the grand challenges of computer science to prove that some software or hardware doesn’t have any security/privacy bugs,” Balasubramonian said. “This is partly because there is a long list of vulnerabilities that haven’t yet been discovered. So any device or app that we use today may fall prey to a security/privacy attack tomorrow.”
There are tools to prove that software meets certain specifications (and there may be a good chance that the use of one of those tools could have helped Apple avoid the FaceTime bug), but users can limit the scope of privacy vulnerabilities by following simple steps like updating their software or being careful about the permission they allow, Balasubramonian added.
“People should just be aware that these things are just going to keep happening,” he said.