Hacker News new | past | comments | ask | show | jobs | submit login
FaceTime bug lets you hear audio of person you are calling before they pick up (9to5mac.com)
1534 points by uptown on Jan 28, 2019 | hide | past | web | favorite | 429 comments

I'm always curious how a bug like this ships. I mean QA & Testing should catch it, sure. But even before then. Some engineer wrote code for FaceTime that has it open the microphone before the call is accepted. And transmit the audio over the network before the call is accepted. Who did that? And why? I'm not suggesting malice but I do wonder at the lack of defensive programming.

My guess is that it’s an unfortunate combination of several problems:

- audio and video capture has to start going before call is actually established at signaling level, in order to minimize call establishment delay. Audio maybe going through Bluetooth, for example, and waking up Handsfree mode of BT may take 1-2 sec

- most of the group calling functionality was developed by a separate team, and group calling signaling may be loosely integrated at UI level, where, once UI triggers a switch to a group call - internally, the whole new library may kick in and get the current 1-1 call state transferred to it.

- when this “transfer” happens, the state of the first 1-1 call gets affected (at either local or remote side (due to signaling), which leads to either remote side think that the call was answered (a lack of protection in the call signaling state machine to ensure it was users UI action) or local side thinks it’s ok that remote users answers the call (in this case FT must have streamed audio even during 1-1 call establishment phase)

- lack of a check for your own phone number added to a call. This, due to having the same IDs/tokens twice in a group call, may lead to unexpected call signaling state machine switch

- lack of manual testing with focus on edge cases (like the described flow to repro the bug may not be the main flow for how users start group calls on FT)

I never worked at Apple, but I built VoIP stuff for the past 20 years.

They were trying to reduce a latency and accidentally made it negative.

"negative latency". That's a Jobs worthy dodge right there.

It's weird seeing my username come up in a comment.

Does it mean I got to read your msg before you clicked the post button! :-)

> They were trying to reduce a latency and accidentally made it negative.

Ha! Facetime is now a non-causal filter.

latency of local hardware is much lower then cellphone/internet latency... so even if you bring local hardware latency to 0, you still have major network lag... I know you are kidding but this is ridiculous

They supposedly have these chips that make your phone much more secure and they can't get stupid stuff like this right? LOL ... GO APPLE. My trust level was already close to zero before this...

Latency between answering the call and being able to actually talk to the person on the other end.

right... the network creates the latency, not the time it takes to turn on a microphone (which is instant when compared to network latency)

> leads to either remote side think that the call was answered

Maybe that's triggered by adding your own number? Since you're clearly on the call already, your own number is obviously going to answer immediately and that kicks the whole call into "active" (since you presumably want a call to become active when more than one person has answered) without considering that you've actually got A+A+B instead of A+B+C.

maybe - it's hard to tell, and I did bring up that other option as well. It's just that when a 1-1 call upgrades to a multiparty call, there should a be a lot of new stuff going on at signaling level to convert that 1-1 call to multiparty - and a chance is that it's a combination that leads to this bug - a call gets upgraded to a multiparty AND a number being added is already part of the call...

> audio and video capture has to start going before call is actually established at signaling level, in order to minimize call establishment delay. Audio maybe going through Bluetooth, for example, and waking up Handsfree mode of BT may take 1-2 sec

As a user, while I can accept capture starting before I answer, I cannot accept sending. I understand how it helps the speed of establishing calls.

But it means the only thing needed to spy on me from that is a software change ON THE OTHER SIDE. No way to know from my side if I'm good or not.

But your comment it missing the point. Parent commenter said it needs to start recording audio and video earlier, and a combination of other circumstances cause the device to send the data. Nobody argues this is acceptable.

I don't think that's what he meant. It can be sending empty audio, but the whole path needs to be up and running.

I am not saying whether sending happens at the establishment phase or not - it's just that when your AV capturing is started and even encoding goes on - it's a matter of dropping the actual AV packets or sending them at the network stack/jitter buffer level. By the way, if not for privacy/security, it's actually very useful to start sending AV stream over the network, to pre-heat the network & test its throughput. For example, cellular data bitrate ramps up only when you actually send data, and it takes some delay to ramp up at more power-hungry levels and for cellular to even test what's possible. Also, estimating network bandwidth for the application layer requires measuring the round-trip time for a few seconds...

It reminds me of this MacOS bug from last year, where simply hitting the login box over and over with no password would eventually bypass the security entirely:


And this other MacOS bug, also from last year, where the password hint would contain the plain text encryption password:


All within a month of each other.

Not Apple related, but you could log into any linux box using a specific few versions of grub2 by hitting backspace 28 times: https://motherboard.vice.com/en_us/article/ezpdqz/hack-into-...

This bug only applied to grub authentication, which isn't a widely used feature. And you could achieve the same result with boot from disk/USB if that is enabled.

The vuln doesn't give you access to the actual accounts on the computer.

But the Windows 95 login was just for logging into the network, not the computer

I think that if you hit Cancel there it would work just as well. You wouldn't get it logged into the domain though

Yes - from what I recall there was not even a pretense of security. Everything was just unencrypted FAT (VFAT rather than FAT32) and if you logged in as one user all other user's data was clearly visible - it was just a means to have your own user workspace and customisations applied. Windows 95 and everything up to (not including) XP was a toy OS for home users ... If you wanted "grown up" features you had to go for NT.

Oh dear, I remember something similar was possible on iOS lockscreen multiple times. What version of Windows was that?

95. 98 had an even better one... just hitting cancel on some login boxes would let you in.

I believe that was by design: the dialog was an opportunity to authenticate with the domain. If you just wanted local access you could hit cancel. Remember Win9x was not a secure OS itself.

Pretty sure I've seen a similar trick on XP or later as well. (I learned it from someone I didn't meet until long after I last saw a 95/98/2000 machine.)

!WARNING! - This now redirects to an image of a hairy testicle. I think the site owner noticed the traffic and put in a redirect.

It's been that way for years (i.e. visitors from HN get redirected).

Ah you are right, should have experimented with that.

Heh just saw/posted the same. I think you’re right - jwz being a little trolly.

wtf. Clicking your link brought me to http://i.imgur.com/rG0p0b2.gif somehow. jwz doing a referrer troll?? Anyone else see this?

Probably Referer check, copy-pasting the URL works.

This was the worst one for me:


I remember an article somewhere about these kinds of bugs. A lot of medical hardware/software combos are/can be compromised. And here comes the problem: do you disclose the vulnerabilities since it means potentially killing people? How long do you wait before manufacturers acknowledge and fix the problem (and they often don't)?

So yeah, these types of vulnerabilities are very very scary.

Also, you can bypass screen lock in Ubuntu by removing the HDD [1]. The bug still is not fixed.

[1] https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1777415

That's a bug in Unity. They dropped their own desktop environment in 18.04 for GNOME.

So it's likely it won't ever be fixed.

Honestly, I wouldn’t but that in the same class if bugs as those that preceded it because if the attacker he removed the HDD he will have access to your contents anyway (unless the HDD is encrypted) and it’s not a quick and convenient process either (unlike tapping backspace multiple times).

That said, I also don’t agree that this bug should never get fixed either.

This is a very naive estimation of what might happen when someone has access to all your running software. Since it is linux, it loads executables into memory and is able to run them even when they are deleted along with runtime dependencies.

Anything that caches anything to anywhere other than disk will be accessible. Your memcache, your redis, some databases, keychains, your non-userdata browser sessions.

I'm aware of that but it's a moot point because you'd be popping the storage device back in anyway. Which is why I didn't address that in my previous comment.

In any case, half the examples you've provided there are server specific and you really shouldn't be allowing untrusted physical access to your servers (nor running Xorg to be honest).

While I do agree, a lot of ideas here are still laden with hindsight.

Sometimes I feel like a relic using Slackware with lilo and SysV init, then I read about exploits like that and I smile.

I am afraid your system is _probably_ just bug ridden as any other, it is simply not popular enough to for people to find bugs.

It's actually the opposite situation. Slackware's policy is to stick to the original software as distributed by the author with only minimal patching where necessary, so if a particular program (say, KDE) has a big support community, Slackware benefits from all those eyes on the code. This leads to a very mature and stable system at the expense of running older versions of software (though there's always the -current branch for those wishing to live on the edge).

Beyond this, the small but dedicated Slackware team is working daily to find and patch bugs when they do appear. You can look at the changelogs for examples of that workflow[1].

There's no such thing as a software project without bugs, but Slackware is consistently one of the most stable and robust OSes out there.

[1] http://www.slackware.com/changelog/

I remember turning on my iPhone and briefly seeing a picture of myself from a time when I had not taken any photos of myself. In fact I had not been using the front facing camera at all.

Extra creepy.

If someone facetimes you and hangs up, that can happen. (I've noticed).

That is what happened with Signal(i was on iOS and the person i called was on android)

I think user ‘sixothree’ was stating that a picture would show after unlocking the phone, not after a call. I myself, have had it happen to me several times couple months ago and thought it was really creepy. It almost seemed as if someone was using the front camera without my knowledge. Thought it to be glitch or something at that time.

This is what happened.

And I'll be honest, this is when I started losing faith in technology.

I remember some people discovered that you could kill the xscreensaver lock screen on Debian with Alt+SysRq+F some years back. Well, a decade back actually — 2009.


A fee years ago, I discovered that if someone was running dual monitors and using XScreenlock, you could unplug one of the monitors and it would bypass the lock screen. I have no idea if this is still possible, I've not used XScreenlock since then.

On Windows 10, if you have dual screens and unplug one while the screen is locked, it will reconfigure the displays and give you a flash of what was under the lock screen. Hope you didn't leave anything sensitive on your screen!

I’ve noticed this as well on my MacBook with an external screen actually. Also sometimes when resuming from sleep..

That's a feature, not a bug! ;)

I find those bugs less puzzling because the timeline makes sense. You're not logged in, there's a prompt, you're logged in. Obvious bug in the prompt, but the A happens before B happens before C order is there. Call comes in, audio is recorded, call is accepted is not the expected order. I could imagine a bug where declining the call still accepts the call, because that still obeys the proper ordering, but this bug does not.

I don’t use face time often, but isn’t there a "preview" of the camera feed during the prompt? I guess so that the user can check if he’s looking decent before engaging the call.

The bug could then be that the feed is sent over the call too early instead of being used solely for this local feedback.

From the details, it sounds like "adding" the caller to the call before the call recipient accepts probably puts it in a weird state. Could be some kind of off-by-one error, where for some purposes Participant 2 is the caller and for some it's the recipient.

Edit: Deleted my comment because I felt it wasn’t constructive.

Yes, I experience this routinely. As do many other people at my company.

In particular it happens when attaching external monitors while the screen is locked. There's a flash of the unlocked desktop.

I am guessing this is because the screen lock is an application drawing over top of the monitor, like XScreensaver on Linux does. A more secure-by-default architecture would have screen locking built into the display server at some lower level: If the screen is not unlocked, it will not allow the data to be passed to the GPU. It's easy for me to arm-chair architect though.

There was one guy on reddit who had a scare when his computer flashed a picture of a dead person when shutting down, and he thought his computer was haunted. It turned out to be a frame from a youtube video he was watching earlier. It may be that macOS is not that good at clearing out GPU memory sometimes.

I have the exact opposite problem. When I reboot after system updates, half a dozen YouTube videos in Chrome tabs start playing over each other on the password screen. They get through about 20 seconds before I can stop the last of them.

Audio only on the password screen, but all audible.

I’ve long had a similar problem on iOS. Whenever I return to an app, I briefly see an image from a few minutes ago. Which can be bad if I’m showing the phone to someone that old state was exposing sensitive data.

I used to see this regularly but haven't noticed it in a long while. I always assumed they were doing something like a double-buffering type trick and switching framebuffers before wiping stale content from the destination.

Apple claims, falsely, that their Operating System is "secure by design". (See https://www.apple.com/business/resources/docs/iOS_Security_O... )

This is an outright lie.

However, I'm not sure a typical iOS user cares.

These are the sort of "bugs" that have barely enough plausible deniability as backdoors to make people believe they were "random" or "human error."

Possibly a product owner trying out the latest build, receiving a call, accepting it, and then waiting for the call initiator to receive the message that the call has been accepted, and then start sending data and asking:

"Why doesn't it take X seconds before I can start talking".

To which the engineers possibly explained the reasons and the product owner saying:

"But I want it instant, let's bypass all this extra stuff and get a proof of concept instant answer working"

To which the engineer said:

"But we'd technically be sending data before the call has even been accepted"

To which the product owner said:

"That's okay, the user can't actually see that data, let us just get this in for now, we can worry about the security/privacy side later".

To which the engineer said "but, but, but" saw the product owners eyes glaze over and just made the commit:

Commit 1279: Remove very important security/privacy feature of ensuring no data is transmitted until the call has been accepted. This is again my best judgement, do not come to me when this blows up, please speak to the product owner.

Then went to the pub in despair.

I think it's much more likely their code is a mess and it's not super obvious when stuff starts and ends and this is just an unintentional mistake.

You hear this excuse all the time, don't FAANG employ the world's very best developers?

Maybe their code is a mess for orthogonal reasons - management, profit-motive?

Aside: I thought I'd heard devs have automated analysers that step through and find all possible code paths, allowing complex code to be audited for security issues and such? Presumably that's how these sorts of bugs should be found in testing.

Since they have an impeccable interview process that only selects the brightests.. They may be all too busy implementing linked lists and inverting binary trees instead of actually delivering a working product.

> don't FAANG employ the world's very best developers?

People have to stop putting these types on a pedestal. Some of the least intelligent people I've known have worked for some very big names. You shouldn't trust someone based on who they work for or what name is attached.

>> world's very best developers

And some of the world's very worst. There are not 10s of thousands of world-class developers to hire in the first place and they would be focused on much higher-level details than implementing basic features and maintenance.

That gruntwork requires solid reliable workers with experience but the current screening processes do more harm more than help in getting that talent.

Judging from their quality issues, I'm not so sure they're attracting the "world's very best developers" any more.

Even the best developers need time to develop and robust QA.

great developers with with bad process, quick turnaround, lack of ownership and bad habits can lead to a mess.

Also - maybe they inherited the code from a startup and never had the chance to refactor and so there was a mess from the start.

Either way, bugs happen. Of all kinds, even bad ones'.

More circumspect than a 'bug' is that this got through their tests. Their end-to-end testing should have picked this up.

I just keep going back to the XKCD of how "our entire field is bad at what we do": https://www.xkcd.com/2030/

Ah yes, it’s always the product owners fault and engineering is always fault-less. A HN classic.

Also, HN won't comment on how/why Apple insists that iOS is "secure by design". I've brought this up and it gets buried. Why?


This phrase is used several times on their current website:


Because they're well documented as having a more robust hardware/software security model than the dumpster fire that is Android security?

Does Android make the same claims?

Wait, what's wrong with F-Droid, exactly?

I think this is very close to spot on, though the version I've heard from developers involved with mobile involves VP's using the app/feature once it's been deployed: "Why is my group call taking 20 seconds to connect, this is unacceptable!". Fire drill ensues.

I wish this conversation didn't sound so familiar.

It generally happens because you don’t follow a defined state machine. An example of how this might happen is when starting the call the microphone isn’t opened. Then you add someone else to the Group FaceTime, the event handler for they didn’t stop to consider if the call is active (just assumed it is) and now the code for that handler opens a new port to the microphone so that it can encrypt the audio stream differently for that recipient.

Super easy and not remotely malicious. It’s a failed state check.

The actual bug here might be different but that’s an easy example. But it may also effectively be the bug since all the examples mention adding yourself to the call.

I did a bit of WebRTC development for video chat, and the state machine for that is one of the most complicated I've ever dealt with. Even household name-brand commercial providers don't handle all of the edge cases. It took me about a week to get it right. Session negotiation gone wrong can easily cause audio to be heard before the call is established (and this will certainly happen with the naive implementation -- even Google's own reference implementation had issues).

If you're curious, check out this flowchart slide from a Google I/O WebRTC talk:


This is a form of speculation which increases performance in the common case where the call is accepted.

I always wondered why FaceTime Audio has almost zero call establishment time on iOS, as opposed to WhatsApp or FB Messenger where you need to wait half a second before the audio feed kicks in after answering. Guess this is the reason!

That has not been my experience with facetime audio. For me it’s 3-10s wait after tapping the accept-call button before audio is connected.

This sound horrifying. If I use a hacked/modified FaceTime client, does this mean I'll be able to hear and see the other end before they pick up, even after the fix?

Facetime calls are end to end encrypted so I doubt a modified client would work.

How would E2E encryption stop a modified client? E2E protects against MITM. But we're not talking about MITM.

It could send the data but only on call accept give a session key

That would still expose the pre-accept audio on accept.

I wouldn't call it E2E encryption if only one party in the world has the key. E2E generally means both sides have the encryption key. But lolc points out the real problem with that scheme.

I think it is fair to say all applications must be written to assume the source code is opensource / can be modified / recompiled. A recompiled app should, in theory, only sacrifice the security of the person who did it, not the remote.

If FaceTime is implemented the way the parent comment mentions (which it very well may not) I don't see why you could make a client that performs a proper key exchange to set up an end-to-end call and simply pretend grab the video instead of hiding it behind the "dailing" screen?

"The initial FaceTime connection is made through Apple server infrastructure that relays data packets between the users’ registered devices. Using APNs notifications and Session Traversal Utilities for NAT (STUN) messages over the relayed connection, the devices verify their identity certificates and establish a shared secret for each session. The shared secret is used to derive session keys for media channels streamed via the Secure Real-time Transport Protocol (SRTP). SRTP packets are encrypted using AES-256 in Counter Mode and HMAC-SHA1. Subsequent to the initial connection and security setup, FaceTime uses STUN and Internet Connectivity Establishment (ICE) to establish a peer-to-peer connection between devices, if possible."

Source: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

I'm not doubting whether FaceTime is end-to-end encrypted, I'm not sure whether FaceTime sends data before the call is accepted for speculation reasons.

Yeah, if you have a hacked iMessage client you probably could retire from bug bounties. At any rate the bug in question would pale in comparison to a rogue iMessage client.

Modified clients are definitely possible - review the recent Project Zero research into webRTC vulnerabilities, which included a look at FaceTime and discovered several exploitable bugs


Similar to how Nextels cellular "push to talk" fake walkie talkies worked.

> Similar to how Nextels cellular "push to talk" fake walkie talkies worked.

Not really. The reason the PTT was virtually instant connect has nothing to do with optimization tricks, but rather is a purpose built design of the network tech it was using.

Nextel PTT didn't go over a normal cellular network, it went over something called iDEN[0]. iDEN provides a trunked radio service[1] which has a similarish feature to a conventional two-way radio. Sprint acquired Nextel and as iDEN wasn't as relevant anymore with the advances in cellular networks (despite those who actually used the PTT functionality), in 2013 Sprint shutdown the network to use it for additional LTE bandwidth in the 800mhz band[2].

[0] https://en.wikipedia.org/wiki/IDEN

[1] https://en.wikipedia.org/wiki/Trunked_radio_system

[2] https://en.wikipedia.org/wiki/Nextel_Communications

No, PTT would send audio from the caller without the receiver accepting anything, but it wouldn't send anything from the receiver without action on the receiver end.

It was obnoxious at times, but very different than the kind of privacy invasion that the receiver's sending data without active involvement is.

This seems like a state machine bug to me.

If you consider what happens when you add a third person to a call: You start sending them everyone's audio!

That's the desired behavior and exactly what happened here.

Except the client should have probably checked if the call had been accepted first. That's why I say it's a state machine bug: The "Send audio" function should have never been activated in state "waiting to accept".

> If you consider what happens when you add a third person to a call: You start sending them everyone's audio!

Not before they accept the call connection request you don't.

Well clearly. That's the bug.

Maybe it did used to work, but now because of a seemingly unrelated bug fix, it has broken it. Wack-a-mole style.

Takes the engineering right out of software engineering if you ask me.

Although others have mentioned state machines I wonder if it’s a deliberate feature with an unforeseen side effect.

The Apple Watch walkie talkie feature allows you to talk with anyone who has approved you and has walkie talkie switched on.

But it appears to use FaceTime under the hood as when it was launched it failed if FaceTime was switched off on your phone.

So the “auto answer” mechanism is already in there, just getting triggered at the wrong time?

Most likely 2 different teams worked on it. One worked on accepting calls, the other worked on transmitting audio, another probably worked on video. Then it got integrated and complete e2e testing wasn't done.

How would an e2e test catch this though? What would the test condition be? Wouldn’t I have to be checking for audio from the other party during all seemingly random events like adding a person to the call group?

Apologies in advance for my ignorance, I haven’t written code for a long time.

> How would an e2e test catch this though?

I doubt there would be a specific test (or maybe there would, real testers are better than me at thinking of this stuff), but there should be logs for events like "microphone turned on" and "user joined group chat" and the testers should be monitoring those logs.

Not sending any audio or video until a call gets accepted seems like a clearcut test case. They probably have a few tests like that, too, but forgot to add weird edge cases.

This are my thoughts as well. Probably a recent release that exposed this also didn't go through full e2e testing because hey, it passed previously.

You’re curious how a complex piece of software can have a bug? Come on now. You’re either naive or being hyperbolic.

> I'm not suggesting malice but I do wonder at the lack of defensive programming.

I've never worked at Apple but neither have I in 10 years seen people truly appreciate any attempts I did in defensive programming. On the contrary, usually I hear - sometimes loud - complaints about that. Usually from fellow engineers when they see it but on occasions also from non technical people.

It's a joke that everybody is so sad about bad application security but at the same time virtually nobody cares about it at all when involved in an actual development project.

Classical case of NIMBY. FWIW Apple's security is far over average compared to other companies. But I guess they cannot isolate themselves 100%.

> I mean QA & Testing should catch it, sure.

I believe they have been working on FaceTime Group for 5+ years now.

In 2015, Modern Family had an episode where the entire plot focused around the family using FaceTime on their iPhones --- but they had the Group feature[1]! I remember being blown away when I saw that, figured it'd be coming in the next iOS update. It didn't. 4 years later, they finally released it..then recalled it immediately

[1] https://www.mlive.com/entertainment/index.ssf/2015/02/tech_r...

edit: managed to find a short clip from said Modern Family episode: https://www.youtube.com/watch?v=vy3jUOBxQuI

Though in the full episode you see a lot more of the Group feature

I'm wondering if it's something really simple, like comparing the unique number of callers versus the total number who have accepted the call.

Imagine a method for group calling that returns whether or not the call should be considered active or not by seeing if the number of callers is equal to the number who have accepted the call. But now imagine the method that tallies up the number of callers does a unique count by phone number, while the method that tallies how many people have accepted the call does not.

Since adding your own number is adding a caller who has already accepted a call, you end up with unique_callers (2, you and them) == total_accepted (2, you and you).

This could be tested by adding a third person to a group call twice (if iOS will let you do that) instead of adding yourself to the call.

Furthermore, if the interface on the recipient's phone only looks at whether or not they've accepted the call, that would explain why the call doesn't auto-accept on their end and go into the call before they've accepted or rejected the call.

doesn’t help that their bug bounty program is invite-only ( at least the last time I checked )

Their bug bounty program seems to mostly be aimed at jailbreakers, rather than bugs like these.

They can aim it at who they want. When it's invite-only they'll only get what they're looking for. I'm certain that just having open bug hunters looking would have at least brought this up. I remember noticing this bug myself but also remember it not being worth my while to report it.

This reminds me of having the Nokia 3650 phone. I could hear phone calls before the call was accepted.. awesome uh feature .

I agree this should have been caught in QA/dev testing. However, I would bet a dollar this wasn't "Some Engineer" deciding to do it this way. This design was the culmination of some back and forth discussions and it is this way for a sound (no pun) reason.

The code involved is a lot more complicated, involving a lot more pieces written by different teams working in concert with each other. There's not a single routine that takes the steps you describe that got a few lines out of order or something.

If the implementation is complicated enough, the code that opens the mic and the code that accepts the call are so far away from each other that its impossible to see. That's why keeping things simple is the greatest art in programming.

Our company's phone system, or our provider, had a problem with outgoing calls once: you couldn't call users of a certain mobile provider, but only if they were currently using GSM. Anything newer would make it work. The symptom was that even when the cell user picked up, you'd still here the sound like their phone is still ringing. That alone was already mindboggling to me, but the crazy part was that with certain phone models (at our company), the cell user would be able to hear you while you still thought their phone was ringing.

Yeah. Never attribute to malice that which is adequately explained by stupidity ~Hanlon's razor

Agreed - looks like something very simple to add as a test-case. If not manual, an automated QA process could've easily caught this if it was even remotely robust enough.

The steps to reproduce is trivial so I'm shocked.

Is rarely that they didn’t test it, it was likely caused by a new scenario that they have not thought of that brings out this bug.

An old product like FaceTime comes with tons of legacy code. Mistakes like this while fiddling with legacy code is not unreasonable.

When in doubt collect all the data.

Would be a server bug for sure

Lack of formal methods in the design phase. It would be trivial to express a rule that you cannot hear audio from the called person before they accept it with it.

To get a bug like that is easy. The question, who the hell still using FB facebug. And why?

Maybe it's not a bug, but something akin to a backdoor that has been uncovered.

I'm pretty sure that person also wrote a few lines so the phone being called won't show there's a call... /tinfoil

Abstraction. I can tell you with 100% confidence that any of these logic bugs are created by unecessary abstraction.

Anybody working in security will tell you the same. Piles of abstractions make it impossible to find out these bugs. You need a month of work to understand these codebases, often only the main developer has the architecture in its head.

> I can tell you with 100% confidence that any of these logic bugs are created by unecessary abstraction.

That's a lot of confidence…

Apple's application programming has fallen off a cliff in the last 4 years. I blame Swift. There's nothing wrong with the language itself, but its outward similarities to.... other dynamic languages I feel has led to a rot in the core of what was once a rock solid culture of embedded C/C++/Objective-C programmers building robust, well architected applications. The average Apple app today is just as buggy and disjointed as anything else on the App Store, and that never used to be the case.

You need to integrate the famous iTunes into this thesis.

(people have complained about it approximately since it was released)

>> people have complained about it approximately since it was released

and I ain't gonna stop complaining until I find a suitable music player to replace it!

>You need to integrate the famous iTunes into this thesis.

Desktop iTunes is a dumpster fire, but their iOS software is what I was specifically referring to.

I actually liked some of the versions of iTunes for Windows back when I had to use it with an iPod Touch around 2008 to 2012 or so. For just playing music from my music library, the interface wasn't bad. You just had to turn off the option to automatically convert everything into Apple's format.

iTunes has always felt robust and well-architected, but it's UI has been a dumpster fire since whenever.

"This app is preventing shutdown". Yep, it's always iTunes.

No way. I regularly have problems with it hanging or just ceasing to respond to “play” command. Ana this in on OS X, not windows.

Most of iOS is still written using Objective-C, including FaceTime. Swift has nothing to do with this.

>Most of iOS is still written using Objective-C, including FaceTime. Swift has nothing to do with this.

Most of iOS is still great. The problem is all the cruft that has developed since around 7.0. It just seems like an endless march of features at all expense.

Swift came out along iOS 8, just FYI. Is there some other cruft you're talking about?

What? Objective C is a lot more dynamic than Swift - which was the whole point of making a new language, albeit Swift itself is not quite as well-developed, highly-performing or safe as, e.g. Rust.

I think it's programming practices themselves that have fallen off a cliff, at least in the non-FLOSS world, and nothing specific to Apple. You can even see this in the dumpster-fire that's popularly known as "Windows 10", as well as in the latest versions of Mac OS X which are a lot slower and less user-friendly than their predecessors.

>What? Objective C is a lot more dynamic than Swift

Sure, that could be argued. But with Objective-C, you still had exposure to the "metal". You had to understand what a pointer is, and why you would want to use it. You had to understand memory management, even though ARC does the job (mostly). It was firmly entrenched in the world of memory efficient embedded programming that mobile started out as, but now that developers coming from Javascript/Python land see a familiar syntax they've brought their patterns with them as well.

So… your theory is that if people understood pointers this wouldn’t have happened? I don’t think that follows.

>So… your theory is that if people understood pointers this wouldn’t have happened?

Yes. But it has nothing to do with pointers specifically, just the mindset and training of the average developer who has had experience with them, vs. the average developer who has not.

There's an entire generation of developers now graduating from CS programs, hiring into Apple, and getting dumped on these application teams with zero real world experience and their only language being Python or Swift. The result is you have tons of brilliant people who can quickly whip up a DFS algorithm, but don't understand that using 4MB of RAM for a JPEG is unnacceptable, or that whatever dynamic thing they are asking the runtime to do might not always work as intended. That's why we get these massive feature lists nobody asked for with every iOS release, and zero emphasis on performance.

I think you over-simplify — engineers slot into different roles/disciplines within large companies.

There are going to be engineers that have to deal with driver-level code that know full well the limitations of memory constraints, thread overhead, etc.

No doubt you're describing the other half — the app engineers that use the API/SPI's. It might even be argued though that, given a well defined API, they should not have to worry about how much memory a JPEG requires ... the API decompressing the image only when rendering to the destination or what-have-you. Pointers, memory management should be managed by the low-level parts of the language or OS/kernel.

I happen to like the bit-banging, pointer walking, free-wheeling world of straight C but I don't begrudge higher level languages that are designed to tackle the more modern pressures of concurrency and "asynchronicity".

Also failing to see the connection between this bug and using 4MB for a JPEG.

> The result is you have tons of brilliant people who can quickly whip up a DFS algorithm, but don't understand that using 4MB of RAM for a JPEG is unnacceptable, or that whatever dynamic thing they are asking the runtime to do might not always work as intended.

I’m not sure where you’re getting this anecdote from, because I have not found it to be at all true in practice.

I’m not sure about the situation at Apple, but this is 100% true in the web development world today; with the exception that many of the new programmers hired straight out of General Assembly and the like can’t implement a DFS algorithm either.

It’s a nightmare for security and performance - the number of obvious, blatant security issues I’ve spotted and fixed just through luck alone is horrifying.

I'm sorry, but I don't know what "General Assembly" is. I live in the US, so is this some part of a degree program in your country (if you live somewhere else) that I'm not aware of?

But coming back to your point, there have always been new engineers with weak skills, just like there have always been smart engineers as well. I don't think the choice of programming language changes this fact significantly, although certain languages may have a slightly higher proportion of inexperienced programmers than others.

General Assembly is one of the popular US 3 month coding bootcamps. There are others in the US, but I’m not familiar with their carriculums.

As programming gets easier to learn, people spend less time learning programming. This has a number of negative knock-on effects, eg less understanding & focus on correctness, performance, security, etc. Obviously there’s lots of wider benefits too - but I suspect that the average person writing objective-c today spent more time studying programming than the average person writing swift today.

It sounds like we generally agree on that - but my claim is that this effect size is big enough to dominate almost all other considerations. I suspect the average C program is more secure than the average JavaScript web app, despite how the absurd difficulty in writing correct C, just because of the ratio of new and old programmers in both communities.

One of the headlining features of the latest iOS release was performance.

That's computing's tick tock release pattern in general. Tick new features, tock optimizes performance.

Then, how do you explain that the last update improved performance a lot on older devices ? Last time I've checked there was no hardware upgrades in the downloaded update...

Where did GP say anything about hardware?

Rumor mill: FaceTime bug was submitted to Apple on 20 January 2019 by a concerned mother after .. her 14-year-old son discovered it.

>My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews

[0] https://twitter.com/mgt7500/status/1087171594756083713?s=21

Interesting twitter account. First tweet 1/1/19, few followers, mostly politics, then a major bug report (not only in discovery but in knowing how to go through the reporting process). Not saying it’s fake at all - it looks 100% legitimate - but it adds some extra bit of weirdness to this story. Quite the providence, and a really bad bug. (edited for clarity)

The genuineness of the Twitter account is absolutely irrelevant in contrast to the validity of the bug itself.

Apple was reported a high priority bug at a specific time. Who reported it, how they look like, what their Twitter profile looks like should have no impact on Apple's bug fixing process and how long/short they took to fix the bug.

Oh I’m not questioning the existence or importance of the bug. It’s important and a big screwup.

However, I am extra sensitive to the degree to which twitter is being manipulated for all sorts of ends. Sometimes things look more than a bit fishy. Usually major bug reports don’t come from 2019’s version of egg avatar + letters/numbers username + very recent activity consisting almost entirely of political posts + past tweets with interactions with obvious political manipulation bots. That is on the stranger end of things, you have to admit. To be clear I think it’s real, but also real weird.

What possible motivation would anyone have for reporting a real bug of this nature like this? Other than, yeah, found a crazy bug.

Stock manipulation perhaps? Happens a lot with Tesla apparently, short sellers will pump up any negative story and try to get it into press. This person was making several attempts to get in contact with press after all, and a story about a teenager finding a big privacy bug in a company that publicly touts its privacy chops has ‘news at 11’ written all over it.

Personally I think a bug report story is not a particularly plausible strategy for such a thing - this person’s concern seems entirely genuine - but crazier things have been done for money. I’m relatively skeptical of complaints from companies about short sellers and bad press, but also recognize that stock manipulation happens a lot more than most ppl are aware of.

Is it still called stock manipulation if the bug is critical and for real and the company deserves to lose shareholder value simply for the critical nature of the bug?

Imagine how many people are vulnerable out there - I'm already starting to read some complaints on the internet that some people were unknowingly sharing a video of them taking a shower, etc.

If you're are in possesion of information with the potential to impact the stock price when released and you use it in your own favor to try to make a profit, then I believe it can be characterized as an attempt of stock manipulation.

Yes, as they would have lost less stock price if a fix had been prepared and released along with the announcement.

Yes, if options purchases were made before the market found out.

Yes, if their intentions were to change stock prices with the announcement in any respect whatsoever, whether up down in price and/or in volatility.

No, if they were not intending to change the stock market with the announcement, regardless of the fact that they did. (Naïveté happens. So does unconcern. Still, No.)

you have to admit it is at least slightly curious the bug received attention only recently since today $aapl is set to report their earnings

odd that this is so recent and the twitter account is so fresh, with so many facetime sessions esp with ios being popular among those in infosec

Depends on when the information was made public

Also timing, Apple publish their quarterly earning results this afternoon in an already peculiar context. It’s the first time they missed guidance over the decade.

Ps: As others noted maybe it’s fair enough if support failed to acknowledge the bug quickly enough.

@foxnews sure has “news at 11” written on it.

If the bug was held by a nation state, and their use of it was burned for whatever reason, then the nation state could release it in this manner to sow chaos in lots of fun ways:

1) The entire world of iPhone users

2) The financial markets (Apple suffers)

3) The financial markets (non-Apple benefits)

4) The political sphere (distraction from)

5) Deniability (they got their recording and leaked the bug to deny how)

While the account does seem a bit odd — especially in our current state — it stills boils down to the fact someone discovered a bug and they seem to have receipts.

Linked tweet shows an email signature on reply from “Deven” of “Apple Product Security” and the senders original message. >> https://twitter.com/mgt7500/status/1090079031666438144?s=21

Ya that poorly obscured email in the message is strongest evidence to suggest this is a real twitter account & story - I believe it’s legitimate. Which makes this story really interesting, that the kid found it, the parent knew how to bug report, the parent went to a twitter account they only recently started using to try to get the word out, and nothing happened. Goes to show process needs improvement and that bug reports truly can come from anywhere.

At the bottom of the screenshot attached to this post you can see her extortion attempt: https://twitter.com/mgt7500/status/1090079031666438144?s=21

  I am willing to give details and provide a home video 
  that I to ok to show you the flaw, but would like to 
  discuss this with someone prior to doing so...
  It is unclear whether Apple provides a reward program
  for non-... [cut off]
I'm not surprised Apple didn't respond to this message.

I too found it odd and only looked into it because she chose to tag one (and only one) "news org" in the post @foxnews - Without the bug report, her account looks like many that have been "taken over" or re-purposed by political operatives.

They just contacted Apple Support to report the bug. The "proper" way to report bugs to apple would be to use bugreport.apple.com.

If the mother did in fact submit a ticket a week ago, it's pretty shameful that the escalation / verification process took more than a week for a bug of this severity.

Security and privacy are two big parts of the marketing for the iPhone.

I'm curious how they can mitigate the reputational damage.


It gets worse:


If the recipient rejects the call by pressing the power button, it starts sending video.

As someone who bought an iPhone specifically for privacy reasons, I'm not really upset about this. What I'm concerned about is passive, mass-scale corporate surveillance, not a one-off bug that allows an individual with mal-intent to listen through my microphone for a few seconds and also let me know about it.

Are you able to root an iPhone or use one without signing in with an Apple account (that's tied to a credit card, etc)? If not, then I believe the devices are still very much part of a mass-scale corporate surveillance network.

> Are you able to root an iPhone

You can root, but it's security-suicide because the OS' security model isn't designed for that.

> or use one without signing in with an Apple account

Technically yes, although you couldn't download any apps so you really don't want to.

> If not, then I believe the devices are still very much part of a mass-scale corporate surveillance network.

What I always tell people is to look at the economic incentives. Apple makes the vast majority of its money from paying customers, not advertisers, so it has less use for big data. It has also invested huge amounts of money in marketing itself as a champion of privacy, a key diversifier from its competitors. If it tried to do some shady data-gathering, it would have relatively little to gain and everything to lose when that inevitably leaked. Apple usually can't even keep the next iPhone a secret; there's no way they could conceal a massive conspiracy to secretly collect data on customers. And if they did, and it became public knowledge, their sales would go down the tube. It's just bad business. I don't trust any corporation to do what's right out of the goodness of their hearts, but I certainly trust them to do what's best for business.

Yes, you can use an iPhone without signing into any account.

It's incredible to me that people to this day are trying to make Apple look as bad as Google when all it takes is a look at the business models...

Well, that's a plain and simple lie, since you can't download apps from the App Store without an Apple account, nor do I believe you can install software updates.

I haven't tried in a while, but last I checked, updates worked fine.

It's not necessary to download apps from the App Store to use an iPhone.

I'm not sure what was the need for you to call me a liar. If anything I've said is inaccurate, I guess it has changed in the last few months, and I would love to know that.

Don't accuse people of lying when they are clearly not lying. You may dispute the details, but the OP did not lie.

An iPhone is what you buy, not the 3rd party apps. Don't be so aggressive.

Of course you don't need an Apple ID.

Really? This post makes it sound otherwise: https://gist.github.com/iosecure/357e724811fe04167332ef54e73...

Doesn't matter what the page says. You can buy an iPhone and just press "Skip" during set up. Easy.

You can't install apps though, which for many people may as well be "you can't use the phone"

You can make and receive calls, you can use the browser and web apps to do everything you need to do online.

So it's not correct to say "you can't use an iPhone without an Apple ID" in any sense. People should be SPECIFIC.

I have an Apple ID for work that is not tied to a credit card.

confirm: iphone works almost fine with no apple account or cc. if only it would be able to talk/mount webdav...

Why would this be any more reputationally damaging than the numerous other bugs with iPhone behavior?

It’s not like iPhones have a reputation for not having bugs; it seems like every version has a passcode bypass or a DoS-via-iMessage. By some standards, this is worse (remotely triggerable, leaks audio/video), but in other cases it’s not as bad: the attacker’s Apple ID ends up in the call logs of the affected person.

Are there prior examples of any phone manufacturer being reputationally damaged by vulnerabilities like this? Heck, Samsung’s phones literally caught fire and they’re still selling phones just fine.

> Why would this be any more reputationally damaging than the numerous other bugs with iPhone behavior?

Oh I don't know, someone denied the call because they're possibly in the shower, or other inappropriate moments. Oh look now they're naked on a video call... Yikes!

I feel like you're answering a different question that I asked. I don't think the bug is low-severity.

I'm asking:

Is there any historical evidence that high-severity bugs in iPhones (or really any mobile phone) are reputationally damaging, sufficiently that Apple would worry about the impact of this bug?

I'm not aware of any instance in the past where a high-sev iPhone bug had noticable long-term impact. This is similar to other issues, like the Sony PSN hack, where despite the gravity of the issue, everything continued long-term as if nothing had happened.

> Is there any historical evidence that high-severity bugs in iPhones (or really any mobile phone) are reputationally damaging, sufficiently that Apple would worry about the impact of this bug?

That reads much clearer, you're right, I misunderstood what you meant. I think it depends, PSN isn't as personal as someone's potential unsolicited nudes being extracted by total strangers. If enough bad press came of it, it wouldn't be the same ballpark. I certainly hope nothing horrible comes of it.

> Is there any historical evidence that high-severity bugs in iPhones (or really any mobile phone) are reputationally damaging, sufficiently that Apple would worry about the impact of this bug?

I'm sure Apple "worries" about any bug and its potential impact on its reputation, particularly in the area of privacy, where it has a leg up on Android at least in perception.

That said, what historical bug is up to this one for iOS? This is a big deal and I cannot recall anything similar.

edit 1: this hasn't exactly been a banner couple of months for iPhone. You'd expect that mitigating any negative news about the device would be paramount

edit 2: look to Facebook. I find it encouraging that people have reacted so negatively to a company acting so cavalier with their personal data and privacy. Yes, I think Apple cares, moreso than with other bugs.


Where sending somebody a .tiff file via iMessage, web page, or email would give the attacker RCE on the device.

Unless I'm missing something this was patched before it was publicly announced.

I also don't think it had the impact you're suggesting, nor would it be as immediately palatable as a privacy issue to the layperson.

The article slug is misleading, and suggests a fundamental misunderstanding of the scope of the bug. A RCE in Messages does not allow attackers to steal your passwords.

The ask from the comment I’m responding to was for comparable vulnerabilities to this one, since this comment thread is discussing reputational damage from high-sev vulnerabilities. This vuln gives RCE in iMessage, which is an app that has microphone/camera access, so I’d say it’s clearly comparable.

Well this is the top Twitter trend right now, for starters. It's a very visible, very easy to reproduce bug in a very popular service, and it's definitely going to hurt their reputation with consumers more than if it was something more technical yet equally or more dangerous.

Again, are there examples that show it will “definitely” hurt their reputation at all? I’ll broaden my example set: are there any examples of consumer devices where the company suffered clear damage to their brand as a result of a security issue?

As an information security professional I wish security breaches would permanently damage a company's reputation, and even put some companies out of business if the breach demonstrates they have no business handling sensitive personal information. But if that was the case, Target and Home Depot and Equifax wouldn't exist, and no one would dare touch an Android phone or a Windows computer.

The sad fact is consumers don't care one bit. The only people who care are people who have some interest in disliking the company who was breached, in which case they're likely not paying customers anyway.

Surely you understand that different bugs create vastly different problems?

Audio and video leaking without knowledge from such a personal device that people take with them everywhere is about as bad as it gets in terms of privacy breach.

It’s also the kind of bug and impact that is very easy for the layperson to understand, even without sensationalist write ups.

For me, reputational damage would be having a bug that allowed a phone to be compromised via text message and then not sending any kind of fix for months, or years. Oh wait.

If Apple fixes this bug this week, I will consider it a significant bug with a good response, and move on. If I wanted more privacy, what would I switch to anyway? Android? Ha!

Apple has shipped versions of its Mail program that delete email without warning¹ and versions of the Finder or OS X that delete² files. And much more. Yet their reputation is intact: the masses still believe that they put out quality software. They are truly the Teflon corporation.



Neither of your links seem to work, and the second one in particular seemed to have been dead for what seems like half a decade. Have you just kept these links around to whip out in support of this argument, without checking once whether they actually go somewhere?

Thank you for informing me of the dead links, for which I apologize. Apparently Apple is also a poor net citizen, allowing its URLs to rot.

Yes, I keep notes about things, some of which contain links. Obviously, these links used to work.

Not to defend Apple but I'm not sure there are higher quality options really. I don't think Apple makes good software but it can be the best without being good.

Come on this is an overreaction. It’s a bug plain and simple. A bad one for sure but still Apple disabled the feature (allegedly) while they push a fix out. Shit happens.

Apple’s bug handling is broken.

Anyone who has filed a few rdars knows it is thankless work. The amount of work you have to invest for anyone to even look at your bug is high. In the instance of this particular bug, I wouldn’t be surprised if at least part of the reason it took a week and a half to handle since it was reported was that the initial reply to the reporter was “please send us the exact steps to reproduce” and then nothing was done until the bug reporter replied back. I wouldn’t be surprised to learn there were even a few iterations of this, since I personally experienced it.

Then, your bug gets looked at. But you don’t know anything about its status. Until anything from a few days to a few months later, it gets closed as a duplicate. Of course there is no way to know in advance that the bug was already opened, and that you could save an hour of work time instead of making a minimal reproducible version of your app which reproduces the bug.

At least, that’s been my unfortunate experience.


Apple has disabled group FaceTime on their end. https://www.apple.com/support/systemstatus/

Haven't seen this page before (although admittedly I only have a mac, I don't use any of Apple's other services/devices) but I like how it feels... "Apple".

First of all they convert the time automatically as someone already posted, which is a very welcome surprise.

The second (and most surprising for me) thing was that they only have 2 statuses: "Available" and "Issue". And while most status pages have trained us to expect that the antithetical of green is red that it immediately catches your eye, in this case it is a simple yellow diamond which is much less alarming. I sense the PR department had its saying in how to present service availability issues.

Oh damn, they can do it just like that?

I thought FaceTime was a P2P thing... but it appears group FT requires Apple's servers?

Very few communication services are truly P2P; it's way more likely to have syncing issues and is virtually impossible without at least a handshake. Even Signal, which does have syncing issues due to being mostly P2P, requires a server for the initial handshake.

Especially on mobile, where you want to conserve battery life.

Each person only uploading one copy of video in a multiparty situation is a huge win for quality on mediocre connections.

Skype used to be "P2P" where one party would act as the host in a group call.

True for audio, not video.

IIRC, this was because of a lawsuit with VirnetX.

It never was (or only was for a short period) thanks to patent trolls.

P2P calls and video calls are patented. I don’t think anyone offers them anymore since the Virnetx cases.

Even for completely P2P things, you can still have server-driven feature flag, which Apple definitely makes extensive use of.

Amazing, a status page that automatically converts to the local timezone.

It’s showing me ‘AM’ and I’m on a 24 hour clock locale

The only sane thing to do.

I wonder how they're going to re-enable it. Can they disable group FaceTime only for people who aren't on the latest iOS version once it's patched?

It may be entirely unrelated, however this is the exact sort of behaviour you would expect to see associated with providing compatibility with Australia's newly introduced AABill, or to implement GCHQ's ghost participant proposal (https://www.lawfareblog.com/principles-more-informed-excepti...).

The bizarre thing is how little people seem to have paid attention to Snowden. Apple joined the NSA's PRISM program in 2012. [1] PRISM enables the government to access data from participating companies including audio, video, and live chat. I'm linking to Wiki there only as a catalogue of sources. The page itself is useless and has overtly fake (though at least mildly amusing) quotes from Google. There's no need for new bills for these sort of issues to be a concern.

I also tend to agree with you that this is not necessarily related to these programs. The reason I mention this at all is because I think there is a reasonable chance that this is related, that this overall issue is very important, and that the amount of cognitive dissonance on this is surprising and regressive. These programs are real. Companies facilitating access, including real time, to your data and "private" conversations is real. And it seems to only be getting worse. Yet people seem to convince themselves otherwise, including throughout this thread. Part of the reasons these programs are able to carry on mostly unchallenged is because people convince themselves that what is happening, is not.

[1] - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#M...

I wish you weren't right.

That's a pretty huge flaw. Millions if not billions of people can suddenly remotely spy on almost any other ios or mac anywhere in the world, just by knowing their email address or phone number?

Perhaps Apple should simply pull the plug on the facetime servers for now.

Perhaps apppe should disable Group FaceTime calls until an update is out.


Tim, is that you?

They have Group FT disabled on the backend for now according to The Verge article about this.

That's a pretty huge flaw. Millions if not...

Is it just me, or is such a phrase applicable to Apple far too many times in the past several years? I think their engineering is losing quality or is falling behind on what they have to cover.

> Is it just me, or is such a phrase applicable to Apple far too many times in the past several years?

Couldn't the same statement be made about Facebook, Google, Yahoo, and other very large tech companies too?

When a company has a billion users, pretty much any huge flaw is going to have a very wide reaching impact.

Quality concerns aside, any bug in iOS instantly affects a billion people by virtue of the number of active users it has.

Comparable examples?

Just off the top of my head: I think on three separate occasions, specifically crafted text messages have made the Messages app disappear from iOS, requiring a reboot. There was a comparable MacOS login bug not too long ago.

Unless Apple decides they face significant legal exposure over the bug somehow I don't see them doing that. It would attract so much more attention that it would almost certainly not be worth it economically.

I wonder if they (executives? engineers? the company itself?) could be charged with aiding and abetting wiretapping or something now that they know it's happening and are letting their servers keep doing it.

Anyone got Tim Cook's number? If you do, bet you can get some, uh, exposure for this problem real quick.

"We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important." - Tim Cook today in what is now a bit ironic


I think it’s inappropriate to make (or imply) a call to action in a public forum to violate the privacy of a public figure (or anyone, but a public figure in this case). There’s low probability that Tim’s personal accounts or devices are easily accessible by the public, and I assume he has a team dedicated to his personal security, but let’s not encourage folks to start scheming...

Anyone try FaceTiming his email? Could be linked to iCloud and FaceTime-able..


That’s not his Apple email.

I know.

I didnt want to post his supposedly actual public email for fear of being accused of doxxing him.

I doubt he has his public email hooked up to his iPhone's iMessage/FaceTime, anyways.

I wouldn't be surprised if Apple has their own internal iCloud network. Just like Google has their Apps for Business, Apple could have one but just inwards-facing and not hosting any other business.

This means even if you have his internal FaceTime/iMessage ID, you wouldn't be able to contact him because his account and yours exist in 2 realms.

Then again I guess he'd need an external-facing one for public VVIP to FaceTime him. Maybe he just carries 2 phones?

Apple has iCloud@Work, but I don't think it supports iMessage and FaceTime.

That's what the sockpuppet account and TOR is for.

I suppose I did suggest trying to convict Apple with aiding in wiretapping, I really don't think being the one they are aiding is a good idea...

I use tcook@apple.com. Full disclosure: so far, it's been one-way correspondence; I've yet to hear back.

Do you think they will just ask all their employees to manually disable facetime in the meantime?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact