Intelice Solutions: Blog
14-yr-old Teen Who Discovered Eavesdropping Bug to Be Paid by Apple
Apple is yet to disclose how much it is going to reward a 14-year-old U.S. teenager for discovering a massive security breach on its FaceTime video call system. It is believed that part of the reward money will be set aside for his high school education fund.
On Thursday, Grant Thompson noticed the group FaceTime bug while on a video call with his friends. Apparently, they were discussing different strategies they could implement on Fortnite, a 3D video game that is widely popular among the teenage demographic.
After Apple was contacted, the necessary action was taken and the iOS 12.1.4 iPhone update was then released on Thursday. Prior to the discovery, an unknown security researcher noticed the presence of the FaceTime bug but was unwilling to disclose it, since Apple had not put a bounty on offer.
Towards the end of January 2019, details of a suspicious bug on FaceTime emerged. A couple of users noticed suspicious activity on the widely used video call system among iPhone users.
Sometimes when they contacted friends and family, they could distinctly hear what was happening on the recipient’s end (regardless of whether the recipient answered the call or not). Apple got word of the bug and immediately disabled the recently launched Group FaceTime feature on iOS phones.
Earlier that same month, the teenager and his mother phoned the trillion-dollar company with a similar potential security threat. As expected, Apple considered the 14-year-old’s discovery a hoax and thought the boy was craving attention.
The problem was uncovered by Grant on one of his group FaceTime video calls. When Thompson’s plea fell on deaf ears, his mother, Michele Thompson, stepped in and repeatedly reached out to Apple via social media and emails. For some reason, Apple would not heed the warning about the vulnerability in its FaceTime feature.
Ever since other users of the video call system came out with a similar bug issue, Apple has credited Grant, who hails from Catalina, Arizona, with this major finding. Grant’s name went viral hours after Apple released a software update to counter the bug’s detrimental effects.
About the Update
iOS 12.1.4 is the latest update from Apple for all iPhone 5S phones, iPad Air devices, and the 6th generation iPod Touch. A week ago, Apple disabled Group FaceTime when news about the bug emerged.
Apple noted in turn that it solved a similar unknown issue some time ago in FaceTime’s Live Photos feature. On Friday, Apple reported that it solved the major security flaw on its servers. It would also release an advanced software update to re-activate Group FaceTime.
The iOS 12.1.4 release notes state that a logic issue existed in Group FaceTime. They also emphasize that the bug was fixed with “improved state management”. On Thursday, as of 10 a.m., the system status page of the massive tech company noted that Group FaceTime’s restoration was successful.
iPhone users can update their gadgets by doing the following:
- Open ‘Settings’.
- Tap on ‘General’.
- Select ‘Software Update’.
- Download the update.
Once the download is complete, your iPhone will automatically install the new software.
Swift Security Measures
A representative for Apple had this to say in regards to the update and the reported bug: “In regards to the bug that has noticeably established its presence in the FaceTime feature, a security audit has been conducted by our team. Additional updates have been made to not only the Group FaceTime app, but its Live Photos feature as a whole in a bid to enhance our security. This will go a long way in securing our customers who are yet to upgrade to the latest software”.
The representative also revealed a major server upgrade to block older versions of macOS and iOS from making use of FaceTime’s Live Photos feature.
For a global company that is keen on preserving users’ personal information, the bug was a huge misstep. Tim Cook, Apple’s CEO, has often advocated for increased regulation of privacy. In the recent past, he has subtly called out companies that utilize their customers’ vital data for the creation of personalized ads. In this case, it’s safe to say that Apple is not so perfect either.
Apple’s bug bounty program
Apple missed a massive opportunity to solve the FaceTime bug problem soon enough. Based on reports from The Wall Street Journal, as early as the start of January, Apple received warnings from a concerned teen but decided to do nothing about it.
Fortunately enough, before the issue escalated to something even more serious, more and more users noticed the flaw and issued a public outcry to the company.
Apple has offered its sincerest apologies to the teen and his family and is yet to fully reward them for their vocal assistance on the bug issue. The company is not willing to share the exact amount they will pay, but it will be substantial enough to see Grant through high school, according to a report by Reuters.
Relevant to this incident is Apple’s ‘bug bounty program’, which the company developed in late 2016. In most cases, researchers can receive more than a hundred thousand dollars for reporting bugs early enough. One of the first people to receive substantial compensation from the program was 19-year-old Luca Todesco.
In that same year, Facebook followed suit and awarded a 10-year-old Finnish youngster a whopping $10,000 in bug bounty. The boy allegedly figured out how to delete anonymous users’ comments from all Instagram servers.
Aside from Grant Thompson, a 27-year-old software developer from Texas by the name of Daven Morris was also credited. Unlike Grant, Mr. Morris reported the problem several days after it was already made known.
Either way, Apple rewarded the young man for noticing the problem soon enough.