Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a pretty huge flaw. Millions if not billions of people can suddenly remotely spy on almost any other ios or mac anywhere in the world, just by knowing their email address or phone number?

Perhaps Apple should simply pull the plug on the facetime servers for now.



Perhaps apppe should disable Group FaceTime calls until an update is out.


Done!


Tim, is that you?


They have Group FT disabled on the backend for now according to The Verge article about this.


That's a pretty huge flaw. Millions if not...

Is it just me, or is such a phrase applicable to Apple far too many times in the past several years? I think their engineering is losing quality or is falling behind on what they have to cover.


> Is it just me, or is such a phrase applicable to Apple far too many times in the past several years?

Couldn't the same statement be made about Facebook, Google, Yahoo, and other very large tech companies too?

When a company has a billion users, pretty much any huge flaw is going to have a very wide reaching impact.


Quality concerns aside, any bug in iOS instantly affects a billion people by virtue of the number of active users it has.


Comparable examples?


Just off the top of my head: I think on three separate occasions, specifically crafted text messages have made the Messages app disappear from iOS, requiring a reboot. There was a comparable MacOS login bug not too long ago.


Unless Apple decides they face significant legal exposure over the bug somehow I don't see them doing that. It would attract so much more attention that it would almost certainly not be worth it economically.

I wonder if they (executives? engineers? the company itself?) could be charged with aiding and abetting wiretapping or something now that they know it's happening and are letting their servers keep doing it.


Anyone got Tim Cook's number? If you do, bet you can get some, uh, exposure for this problem real quick.


"We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important." - Tim Cook today in what is now a bit ironic

https://mobile.twitter.com/tim_cook/status/10900017677801799...


I think it’s inappropriate to make (or imply) a call to action in a public forum to violate the privacy of a public figure (or anyone, but a public figure in this case). There’s low probability that Tim’s personal accounts or devices are easily accessible by the public, and I assume he has a team dedicated to his personal security, but let’s not encourage folks to start scheming...


see: https://www.reddit.com/r/apple/comments/77hl5k/i_sent_an_ema...


Anyone try FaceTiming his email? Could be linked to iCloud and FaceTime-able..


[redacted]


That’s not his Apple email.


I know.

I didnt want to post his supposedly actual public email for fear of being accused of doxxing him.


I doubt he has his public email hooked up to his iPhone's iMessage/FaceTime, anyways.


I wouldn't be surprised if Apple has their own internal iCloud network. Just like Google has their Apps for Business, Apple could have one but just inwards-facing and not hosting any other business.

This means even if you have his internal FaceTime/iMessage ID, you wouldn't be able to contact him because his account and yours exist in 2 realms.

Then again I guess he'd need an external-facing one for public VVIP to FaceTime him. Maybe he just carries 2 phones?


Apple has iCloud@Work, but I don't think it supports iMessage and FaceTime.


That's what the sockpuppet account and TOR is for.


I suppose I did suggest trying to convict Apple with aiding in wiretapping, I really don't think being the one they are aiding is a good idea...


I use tcook@apple.com. Full disclosure: so far, it's been one-way correspondence; I've yet to hear back.


Do you think they will just ask all their employees to manually disable facetime in the meantime?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: