An attorney from Houston, Texas filed a lawsuit against Apple on Monday over the FaceTime bug disclosed yesterday that allowed potential attackers to spy on private FaceTime conversations that were supposed to be secured with end-to-end encryption.
The FaceTime software flaw allowed others to hear what the people they were calling were talking about before the targets answeres the call or were aware that someone was listening in on them. The bug arrived along with the most recent updates to iOS, and Apple hasn’t yet explained how such a bug could have been born. The company responded to the media reports about the bug by immediately shutting down its FaceTime servers until it could address the issue.
In the lawsuit, Larry Williams II argues that Apple didn’t give people enough warning about this issue once it discovered it. The lawsuit also states that Williams was with a client who was doing a private deposition, which he now thinks was compromised by the FaceTime bug. The lawyer is seeking punitive damages against Apple for claims of product liability, negligence, warranty and fraudulent misrepresentation.
The reports about the bug came out on Data Privacy Day, when Apple’s CEO Tim Cook tweeted: “We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.” At the time of writing, that remains his most recent tweet.
Bug or Backdoor?
Some security experts on Twitter have noticed that the way the bug works seems eerily similar to what the U.S.' FBI, UK's Government Communications Headquarters and other proponents of software backdoors have been recommending as a “solution” to the encryption "problem.” Through this software flaw, a third-party could be added to a conversation between other people without their notice. However, as most experts have warned, this type of so-called backdoor solution makes users unsafe.
If this was only an innocent software bug, then it’s a rather strange one, as this shouldn’t be the kind of simple mistake any programmer could easily make when writing FaceTime code. If Williams’ lawsuit goes forward, it may shine more light on how exactly the bug happened.