Recommended reading

Apple Now Facing Lawsuit Over FaceTime Glitch

News
By published

An attorney from Houston, Texas filed a lawsuit against Apple on Monday over the FaceTime bug disclosed yesterday that allowed potential attackers to spy on private FaceTime conversations that were supposed to be secured with end-to-end encryption.

FaceTime Fail

The FaceTime software flaw allowed others to hear what the people they were calling were talking about before the targets answeres the call or were aware that someone was listening in on them. The bug arrived along with the most recent updates to iOS, and Apple hasn’t yet explained how such a bug could have been born. The company responded to the media reports about the bug by immediately shutting down its FaceTime servers until it could address the issue.

In the lawsuit, Larry Williams II argues that Apple didn’t give people enough warning about this issue once it discovered it. The lawsuit also states that Williams was with a client who was doing a private deposition, which he now thinks was compromised by the FaceTime bug. The lawyer is seeking punitive damages against Apple for claims of product liability, negligence, warranty and fraudulent misrepresentation.

The reports about the bug came out on Data Privacy Day, when Apple’s CEO Tim Cook tweeted: “We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.” At the time of writing, that remains his most recent tweet. 

Bug or Backdoor?

Some security experts on Twitter have noticed that the way the bug works seems eerily similar to what the U.S.' FBI, UK's Government Communications Headquarters and other proponents of software backdoors have been recommending as a “solution” to the encryption "problem.” Through this software flaw, a third-party could be added to a conversation between other people without their notice. However, as most experts have warned, this type of so-called backdoor solution makes users unsafe. 

If this was only an innocent software bug, then it’s a rather strange one, as this shouldn’t be the kind of simple mistake any programmer could easily make when writing FaceTime code. If Williams’ lawsuit goes forward, it may shine more light on how exactly the bug happened.

TOPICS
Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
6 Comments Comment from the forums
  • jaexyr
    Hahaha
    Reply
  • JamesSneed
    lol tin foil hat time. Its a bug, obviously.
    Reply
  • CerianK
    However, we no longer live in a time where back-doors are tolerated as such. For them to exist intentionally and still allow for plausible deniability, they have to be hidden in plain sight and/or disguised as a bug. Therefore there will be no provable 'light on how exactly the bug happened', even if it is truly innocent.
    Reply
  • derekullo
    It seems rather convenient that he would wait till Apple discloses the already fixed bug before filling a lawsuit.

    According to the article as soon as Apple was made aware of the issue they took down the FaceTime service.

    An immediate warning to all users wasn't needed since they had already taken down the service.

    Once it was fixed Apple sent a patch out and turned the service back on, along with notifying their users about the issue.

    The bug itself was potentially a big issue and definitely arguable about in court.
    Reply
  • hoofhearted
    The conspiracy theorist in me say that Apple did this on purpose so it could listen in on it's competitors meetings and patent their ideas before they could.
    Reply
  • JamesSneed
    Tin foil hat folks are funny. You don't implement something like this on purpose. Seriously if you do this on purpose you use a nice encrypted key exchange to enable it not some silly method of adding yourself to a group facetime that literally anyone can perform. Apple owns the servers already so they can watch/listen to whatever they want anyhow so I say why would they do this on purpose anyhow? Apple simply messed up.
    Reply