In a letter addressed to Cook, House Energy and Commerce Chairman Frank Pallone (D-NJ) and Representative Jan Schakowsky (D-IL) inquire about the origins of Apple’s Group FaceTime bug and its impact on customer privacy. Pallone and Schakowsky also ask if there are other flaws in the videotelephony product that have not been disclosed to the public.
Citing smartphone usage statistics, with a heavy emphasis on distribution among children, the letter suggests Apple has not been transparent on what Pallone and Schakowsky deem a serious privacy issue. Apple has not been open about its investigation into the FaceTime vulnerability, nor has the company detailed steps being taken to protect consumers, the letter reads.
Last week, reports of a massive FaceTime flaw surfaced on Twitter. Impacting current versions of iOS up to the latest iOS 12.1, the bug enables a FaceTime caller to eavesdrop on another user before they pick up the call. In some cases, brief access to a receiving party’s camera is also granted.
Apple disabled Group FaceTime in a server-side shutdown mere hours after the flaw was made public. A fix was promised to arrive last week, but was later delayed for inclusion in a software update this week.
While mainstream media outlets caught wind of the vulnerability last week, Apple was reportedly notified of the issue more than two weeks ago.
Grant Thompson, a 14-year-old from Tucson, Ariz., independently discovered the flaw during a “Fortnite” gaming session in late January. Thompson’s mother Michele attempted to inform Apple about the bug over the ensuing week, going so far as to file bug reports with the company. Whether Thompson’s reports were lodged through official channels is unknown.
Pallone and Schakowsky in their letter ask Apple to detail the timeline of events leading up to the discovery of the FaceTime flaw, what actions were taken to address the issue, what procedures were in place to safeguard against such vulnerabilities and how they failed, what safeguards are now in place as a result of the discovery and why it took Apple so long to respond to Thompson’s bug report. The letter also requests information regarding steps taken to determine whether customer privacy was violated and, if so, whether the company intends to compensate users.
Apple is currently facing a lawsuit from Texas lawyer who claims an interloper leveraged the Group FaceTime bug to eavesdrop on a deposition, while a Montreal law firm filed a class action suit against Apple last week.
The letter from House Democrats arrives days after the announcement of a New York state probe into the matter.
Apple is asked to respond to Pallone and Schakowsky’s questions in writing by Feb. 19.