
Apple disables Walkie Talkie app due to eavesdropping vulnerability - chillaxtian
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
======
abalone
I've found that it's pretty easy to get people to inadvertently accept
FaceTime calls if you continuously spam them. (I was on the receiving end of
this attack.) Here's how it works.

1- It's very easy and instantaneous to redial someone on FaceTime if they
decline your call. You can just spam the call button and the target will get a
continuous ring, basically.

2- Even if they turn on Do Not Disturb, many people have "Repeated Calls"
enabled, which lets repeat FaceTime calls break through Do Not Disturb. Neat!

3- Now they are frustrated and want to throw their phone in a bucket of water
to shut it up. The only way to block you is now to get your "info" in the
recent callers list, scroll down and hit the "Block this caller" option.
However the constant stream of incoming FaceTime calls takes over the UI every
couple seconds.

As they fiddle with their phone trying to navigate to your info and/or hit
decline, eventually they inadvertently hit accept, and you see their face.

~~~
snarf21
Absolutely. There needs to be a block this user right on the accept/cancel
screen. Apple also needs to track who is doing this and repeat offenders lose
access to FT in general or that iTunes account.

I really don't understand why calls and texts don't have a default mode to
only ring or pass through if they are from a contact. Depending on the
government to prevent robo calling seems foolish. We need technology built
into the device.

~~~
asveikau
> There needs to be a block this user right on the accept/cancel screen

Personally I hope I don't end up blocking a family member or someone else
important because my phone is slipping around in my pocket when they happen to
call.

~~~
mathieuh
I’m pretty sure the proximity sensor activates as soon as the call comes in,
so the screen would be disabled until you take it out of your pocket.

~~~
asveikau
You seem pretty confident that this will work as opposed to occasionally
falling in the wrong state and, a rare instance multiplied by a large number
of uses, happen to somebody.

Somehow despite this pocket dialing still happens.

------
donkeyd
I have to say, I think it's great that Apple doesn't try to do damage control
on their reputation, but instead does damage control toward the customer. They
could've kept the service working, created a fix and silently pushed it, but
they didn't.

~~~
Nextgrid
It’s kind of sad that we live in a world where this behaviour is considered
exceptional and something to be applauded, instead of being the normal way to
do business, thanks to both morals and regulations with huge fines to control
those who lack morals.

~~~
donkeyd
Yeah, I fully agree. This was in the back of my mind while writing the
previous comment too. It's also why I think it's important to acknowledge it,
since that might help people become aware that we're not doing things right.

Only slightly related, but as a lead developer I've had some business people
get angry, because I refused to build features that violated customer privacy
(and GDPR). It's not just the business that should be responsible, it's IT
too, but we tend to use business demands as an excuse (see: Facebook).

~~~
nier
I’d like to add that job safety and the home that needs money brought to is
also used as an excuse. People need to feel safer that they can act upon their
morals and overcome whatever consequences arise. Friendships and family ties
are one important ingredient for that. Sensible frugality another.

~~~
donkeyd
Definitely true. I ended up quitting and moving to another job because of
unreasonable demands like this. I do imagine though, that in SV, where data is
considered the new gold, it must be a lot harder to find jobs at ethical
companies.

~~~
Nextgrid
I’m actually skeptical about data being the new gold. Even if it is true now
and we ignore the ethical implications, I don’t think it’ll remain gold in the
long term. People have a limited attention span & wallet. There’s only so much
advertising they can consume, anything after is worthless. Overall, anyone
cashing in on data is diluting the pool for themselves & everyone else until
there’s so much that the entire market is no longer sustainable.

The other issue is that there are 2 very strong competitors (Google &
Facebook) that I’m not sure it’s wise to start a new company based solely on
data/analytics/advertising.

------
GershwinA
"It turned out that the teen who discovered the bug, Grant Thompson, had
attempted to contact Apple about the issue but was unable to get a response."

Good they fixed this. Too often security vulnerabilities remain unaddressed, I
think that was the case with Marriott hotels data leak, the staff knew for quite
some time there are privacy troubles. Now they're being fined for not taking
action.

------
ru999gol
Remember this idea how weird it is that everybody runs around with spying
equipment, you have an always-online device with multiple cameras and
microphones. I think people would be uncomfortable knowing that someone was
listening or recording video without their knowledge, that's why people put
stickers on their laptop cameras. I think it's obvious by now that
manufacturers aren't capable of developing software that keeps the
cameras/microphones secured. In the future we can just assume that any
camera/mic in any phone is recording at any given moment and sending it to
some malicious entity. Since there is no practical way of disabling the
cameras/mics on phones, we just have to learn to live with it.

------
gbil
I prefer this verge link
[https://www.theverge.com/2019/7/11/20689983/apple-watch-walk...](https://www.theverge.com/2019/7/11/20689983/apple-watch-walkie-talkie-bug-disabled)

as techcrunch privacy settings are yahoo driven and I was never able to manage
them - not sure they really give you an option

~~~
kmlx
what privacy setting? i never get that popup.

techcrunch is ok imo.

the verge on the other hand won’t load for 3 seconds if i have an ad-blocker
turned on. so i stopped visiting it since their ads are 90s level of terrible.

~~~
Sahhaese
This is all you see when clicking techcrunch articles:

[https://imgur.com/a/mId1Jfi](https://imgur.com/a/mId1Jfi)

If you "manage" your settings to block everything it'll just be back next
time.

As a consequence, I haven't read a techcrunch article since June 2018.

~~~
jonknee
Interesting, I have never seen that and even tried in an Incognito tab and
with Safari which I don't use regularly.

~~~
Sahhaese
I'm guessing you're not in the EU then? I see this everywhere.

------
dwighttk
I have a series two Apple Watch and while the app shows up I was unable to get
it to work back when I tried. I didn’t care that much so I just tried a couple
times and gave up.

~~~
applecrazy
Don’t know why you’re being downvoted. I tried to make it work with my friends
and for some reason, I could never get it to set up.

~~~
mikestew
_Don’t know why you’re being downvoted._

Were I to guess, the original comment is at best peripherally related to the
topic at hand ("the app", I'll assume, refers to the Walkie-Talkie app). IOW,
it doesn't contribute much.

------
oregontechninja
Also: apple mail is so horrendously broken, any multipart email is likely to
fall apart and attachments get chopped off or corrupted every other email.

