Apple has, once again, found itself stuck with an eye-rolling iOS bug that puts your data security and privacy at risk. And, no, this isn’t the usual “someone found a way to bypass whatever authentication method you use” deal that tends to pop up around iOS releases. This one’s a big one: a bug with FaceTime that allows another person to eavesdrop on your device.
I’ll start with the good news. Apple has already taken down Group FaceTime as of when I wrote this article, which prevents someone from hearing what you’re up to. The company also promises to fix the issue this week with another update.
Last week, Apple rolled back one of the key FaceTime features that was supposed to drop with iOS 12 and macOS Mojave this spring: group video chat. The feature, which would let you and up to 31 friends not-quite-make-eye-contact through their phones and laptops, was removed from the beta versions of each OS last week, and will now reportedly launch at a later date.Read more
The bad news? It’s thought that the trick could work with any device running iOS 12.1 at minimum (and macOS!), which came out at the end of last October. While the bug has only made headlines in the last day, there’s no reason to think that unsavoury types haven’t known about it for months.
More importantly, it’s yet another affirmation that Apple can’t seem to get iOS testing right. I realise this whole affair is a bit cat-and-mouse; Apple releases a new version of iOS and someone with a lot of time on their hands finds an obscure way to do something they shouldn’t.
But also, Apple isn’t a startup.
The company has infinite resources—even if they’re probably going to get pummelled by the stock market today — so there’s little reason why everything they put out shouldn’t be QA’d to death. Clearly, there’s some lapse in the testing process, and it’s unfortunate that the company’s customers are the ones stuck with the mess on a fairly regular basis.
This is a god damn disaster. This is completely unacceptable. How is Apple so good at the bottom of the stack and their higher tiers are continually failing in basic ways. https://t.co/8mXFNiNrLV— SwiftOnSecurity (@SwiftOnSecurity) January 29, 2019
In fact, maybe it’s time to start taking more active control over your security and privacy on Apple devices. I’ve been thinking about this all day, and here’s a few ideas I’ve come up with:
Stop installing major versions of Apple’s operating systems on day one
I’m not saying you should never install the latest and greatest version of iOS, because we all love to play with new features, squash annoying bugs, and patch up security holes. However, maybe wait a few days. Or a week. Or a month. Or whatever time period you’re comfortable with giving Apple, to see if any new exploits or other unfortunate issues pop up. Wait for Apple’s fanatical fanbase to try to find exploits, then install major updates once Apple plugs up the holes.
Don’t beta test Apple’s operating systems
I’m guilty of this one, but maybe it’s time to stop being Apple’s guinea pig. I don’t want some new iteration of iOS to reveal a gaping hole in my device’s security. I’d feel a lot more comfortable with the latest public release that’s less likely—but not guaranteed—to have fewer exploits.
Remove or disable that which you do not use
I have never used Group FaceTime. In fact, I rarely use FaceTime. And if I simply disabled it on my device, rather than letting it sit there in the background doing nothing, then nobody would be able to use it to hear what I’m up to. And while I can’t predict where the next bug will strike Apple’s software, I’d recommend taking a thorough audit of your iPhone or iPad the next time you have some time to kill. Do you ever use a particular app? No? Delete it. Run through your device’s services and features. What don’t you use? What can you disable? The fewer entry points for potential exploits, the better.
Start paying attention to Apple
If nothing else, go set up a Google News alert for “Apple+bug,” or “Apple+exploit,” or whatever other permutations of words you want. While it’s important to stay on top of the latest vulnerabilities for any of your geeky devices, I’d be less concerned about making sure your desktop motherboard is running the latest firmware—which you should still care about!—and much more concerned about the havoc that some just-discovered iOS issue can cause. Your smartphone is probably your most-used tech gadget. Keep it safe.
Don’t forget: You are not invulnerable
Apple keeps giving us reasons to say goodbye. iOS 11 is buggy as hell, with the most recent error making iPhones almost unusable and the latest version of macOS briefly exposed Mac owners to a major vulnerability. As for the iPhone X, it may be pretty sleek for an iPhone, but Apple's still playing catch-up to its Android competition.Read more
It’s always good to remember that your smartphone is reasonably secure, but not infallible. If you lose it, don’t assume that Touch or Face ID is enough to keep a dedicated attacker—or someone who runs a quick web search at the right time—from getting into some aspect of your phone’s contents. Would Apple’s issues ever stop me from bringing my iPhone with me to the bathroom? Probably not. I’m not that crazy. However, keeping it securely in your possession (at a friend’s house, at a party, when you’re going out, et cetera) is the best security you can have, and you might not want to be as casual about your device going forward.