Teen’s FaceTime bug discovery puts Apple on hot seat
Probes, delay in handling issue pose problems
Fourteen-year-old Grant Thompson says he and his mom emailed, called, tweeted and even faxed Apple to report an eavesdropping bug that allowed just about anyone to turn an iPhone into a live microphone. He says it took nine days for a response. Apple has identified a fix, but the problem could dog the company for much longer.
New York state officials have opened an investigation. Others question how long it took Apple to fix the bug. Apple says it’s committed to improving the reporting process.
At the heart of Apple’s shocking FaceTime bug, which allowed just about anyone to turn an iPhone into a live microphone, stands a 14-year-old boy who stumbled upon the eavesdropping flaw more than a week before Apple took action.
“The thing that surprised me the most was that this glitch happened in the first place,” said Grant Thompson, a high school freshman in Tucson, Ariz. “I’m only 14, and I found it by accident, instead of the people at Apple that get paid to find glitches.”
Not only that, but Grant and his mom said they spent a week unsuccessfully trying to get Apple to do something about the bug in its FaceTime group-chatting feature.
“It took nine days for us to get a response,” he said. “My mom contacted them almost every single day through email, calling, faxing.” Of the fax, he jokes, “I’m not even sure what that is. It’s probably older than I am.”
This eavesdropping scare is over now that Apple has disabled group chats, but the problem could dog the company for much longer. New York state officials have opened a consumer rights investigation. Others are raising questions about how long it took Apple to address the bug.
In a statement Friday, Apple thanked the Thompsons as it announced that it has identified a fix and will release it next week. FaceTime group chatting will resume then.
Grant, a straight-A student who plays basketball, does community volunteering and enjoys the video game “Fortnite,” was calling friends to play the game on a Saturday night, Jan. 19, when he discovered the flaw.
“If a 14-year-old kid discovered it, I wonder how many other people discovered it,” said Chris Wysopal, chief technology officer with the security firm Veracode.
Apple hasn’t said whether it has records that could answer that question.
Apple’s engineers worked quickly once it got the details needed to reproduce the bug. Although Apple didn’t acknowledge a delay, the company said it was “committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible.”
The company — at first praised for its swift response — could come under increased scrutiny as regulators seek to learn more about the vulnerability.