iPhone Facetime eavesdrop bug: Now lawmakers demand answers from Apple

Apple accused of not being transparent about its response to the Group FaceTime eavesdropping bug.

Democrats on the House Energy and Commerce Committee have asked Apple to explain how it handles security bug reports, following claims it responded slowly to the FaceTime privacy glitch. 

The bug allowed FaceTime users to listen in on other users' calls even without the recipient answering the call. Apple faced criticism over claims that it had been notified of the bug by an iPhone user a week before it hit mainstream media and forced Apple to take the Group FaceTime feature offline

The bug was found by 14-year-old Grant Thompson, whose mother reported the issue to Apple, but only after several unsuccessful attempts.   

The House committee, headed up by Frank Pallone Jr (D-NJ), on Tuesday sent a letter to Apple CEO Tim Cook demanding written answers by February 19 about the company's response to the FaceTime bug.

"As a first step, we believe it is important for Apple to be transparent about its investigation into the Group FaceTime vulnerability and the steps it is taking to protect consumers' privacy," the letter states. "To date, we do not believe Apple has been as transparent as this serious issue requires."  

The committee wants to know whether Apple knew about the FaceTime bug before being notified by Thompson's mother and if so, when did it become aware of the bug. It also wants Apple to provide a timeline of steps it took after first identifying the issue. 

The lawmakers also have questions about how Apple tests its products for vulnerabilities before releasing them to the public and why Apple took so long to disable Group FaceTime after Thompson's report. 

SEE: Apple iOS 12: An insider's guide (free PDF)

The committee expects Apple to reveal whether it intends to notify and compensate consumers for any privacy violations that may have been caused by the bug. 

It also wants to know of any other undisclosed bugs that Apple has yet to address and which could similarly give unauthorized access to an iOS device's microphone or camera.    

New York state officials are also investigating the response to the FaceTime bug by Apple, which is already facing one lawsuit over the matter. 

Apple issued a statement last week explaining that it disabled Group FaceTime "as soon as our engineering team became aware of the details necessary to reproduce the bug".

However, it also promised to improve the processes it uses to escalate reports it receives.  

Apple is planning to release an iOS patch that addresses the bug this week.  

Previous and related coverage

iPhone FaceTime bug: Now Apple sued over eavesdrop on lawyer's client phone call

Apple sued over FaceTime eavesdropping bug and faces criticism for not responding to bug reports.

Apple apologizes for FaceTime eavesdropping bug, update coming next week

Group FaceTime calls are currently disabled for all users through the server, and a software update will arrive next week to completely fix the issue.

Apple FaceTime bug prompts investigation from NY attorney general CNET

 The probe is focused on Apple's response to the eavesdropping vulnerability.

Severe vulnerability in Apple FaceTime found by Fortnite player

The teen's mother attempted to contact Apple with no success.

Apple disables Group FaceTime function that was allowing callers to listen and view without your consent

Apple iPhone users discovered a serious FaceTime bug that lets you hear audio from another iPhone or even view live video without the recipient's knowledge.

Apple gets egg all over its FaceTime

The bug that allows people to listen in to other people's phones and even see video hits Apple where it truly hurts -- in its protestations of privacy protection.

iOS 12.1.1 is now available, fixes an annoying FaceTime feature

The update includes bug fixes and FaceTime improvements.

How to disable FaceTime (so no one can eavesdrop on your iPhone or Mac) CNET

An Apple FaceTime bug can let callers hear and see you, even if you don't accept the call. Here's how to protect yourself until there's a permanent fix.

How Apple Group FaceTime could replace Google Hangouts Chat and Skype for Business TechRepublic

At WWDC, Apple announced a new feature for iOS 12 that will allow FaceTime to accommodate up to 32 people at once. This could make Apple a contender in the enterprise video conferencing realm.