At Apple, another wiretapping scandal happened – a vulnerability was found in the Radio Radio application that allows you to listen to the iPhone without the consent of its owner. As reported in the “apple” of the company, as long as they do not have data on whether someone had time to abuse the security hole for their own selfish purposes.
Spy clock games.
In the “smart” watch Apple Watch was discovered a vulnerability that allows you to listen to the user’s iPhone without his consent, according to TechCrunch. Apple acknowledged the presence of the bug and apologized for the inconvenience. As a result, the “Radio” application, which allows to take advantage of the vulnerability, was disabled until the corresponding patch appears.
The “Walkie-talkie” application is available to all Apple Watch owners with the watchOS 5 operating system. As the name implies, it works like a regular walkie-talkie – the user clamps a button and sends a message to the other party. With a slight delay, it arrives at the device of the second user, which in the same way can send a response. This feature works on the basis of an audio call from the FaceTime application.
In its official statement, Apple indicated that it knew about the vulnerability, and therefore decided to turn off the “radio” before fixing the bug.
Despite the fact that we do not know whether anyone has abused this vulnerability, and what special conditions and prerequisites for this are necessary, we treat the security and privacy of our users with full responsibility. We decided that disabling the application is the right solution, since this bug allows you to listen to other customers on the iPhone without their permission. We apologize for the incident and the inconvenience , – reported the press service of the company.
It is reported that the “radio” will remain on users’ devices until a suitable patch is released, but will not work at startup.
Interestingly, in January 2019, a similar vulnerability was discovered in FaceTime group calls. At the same time, the interlocutor could have been listened to even before he took the call. This bug concerned all owners of the iPhone, iPad or Mac, if the corresponding application was installed on the devices.
Then Apple released an official statement, in which it acknowledged the existence of the problem and promised to release the patch in the very near future.
We are aware of this vulnerability and have released a patch that will be available with the system update by the end of this week, said a company spokesman.
Interestingly, the bug was first discovered by a teenager named Grant Thompson, who tried to contact Apple to report a problem, but never received a response.
When the story was replicated by the media, Apple promptly released a patch and rewarded Thompson as part of the Bug Bounty program, when software developers pay users for detecting critical errors.
Apparently, in the case of the “Walkie”, Apple, learned from its mistakes, worked more quickly and turned off the vulnerable application before users suffered any damage.
In February of this year, Apple had another scandal with wiretapping. Then TechCrunch portal announced that a number of applications for the iPhone secretly records all the information from the screen of the smartphone, without notifying the owner.
Among the companies that were found to be in questionable data collection were fashion brands Abercrombie & Fitch and Hollister, Air Canada and Singapore Airlines, Hotels.com hotel reservation service, travel organizing company Expedia and some others.
To collect information, the above applications used the Glassbox service, which allows you to record everything that happens on the screen, including the user’s touch and swipe, and then re-play the recording to see exactly how the person interacted with the program.
Information received from users’ smartphones is carefully collected and sent to third parties for analysis. On the basis of this data, an advertisement targeting specific people is created. In addition, users of these popular applications did not even guess about spying, since the program did not request permission to collect data.