I've been bouncing back and forth between my iPhone XS and a Galaxy Note 9 for the past few days. After switching to the iPhone and jumping on Twitter I read about a major security issue with FaceTime from Benji Mobb's Twitter video. I immediately tested this out with my family and was a bit rattled by the results.
Also: I asked Apple for all my data. Here's what was sent back
In turns out there is a serious issue with FaceTime that allows you to listen in, or even view video, from a recipient's iPhone without that person ever answering the FaceTime call. The Verge was able to reach an Apple spokesperson and Apple is aware of the issue with plans to release a software update later this week.
UPDATE: Apple has disabled Group FaceTime capability on the server side so that people are no longer able to exploit this flaw until a software update can be issued. It only took a few hours since the first reports of this issue were discovered for Apple to take action so kudos to them for such a quick response.
My family and I are running Apple iOS 12.1.3 on our iPhone XS and iPhone 7 devices. If you want to test this out, call someone via FaceTime and before they answer swipe up and then add your own phone number to the call. That's it, FaceTime then assumes all parties are on the group FaceTime and you can hear the other person even if they did not answer the call.
FaceTime is essentially answering the call for that person so it ends up being a group FaceTime conversation. If you speak, then the other person can hear you and hold a conversation, but this could be used to maliciously listen in to someone's iPhone without their knowledge.
Also: Goodbye iPhone XR: Signal strength and size bring me back to the iPhone XS
Dieter Bohn, from the Verge, discovered that video can also be viewed without the recipient's knowledge. If the recipient of the call hits the right side button or the volume button to ignore the call, video from their iPhone will be broadcast back to you.
Until Apple issues a fix for this, the safest bet is to disable FaceTime on your iPhone this week. If you keep it active, just be aware that incoming callers may be able to listen and/or view you from your iPhone. There is also some users who have shown this works with FaceTime on a Mac, but I don't have a Mac to test this with.
While Apple is generally a very secure company for mobile technology, this FaceTime issue follows recent reports that AirPods Live Listen can also be used maliciously to spy on others by leaving your own iPhone in a room while your AirPods are in your ear and activated.
Apple, you really need to fix these stupidly outdated iOS design decisions