Apple has shut down its Walkie Talkie application after a user discovered a vulnerability.
Similar to the Group FaceTime bug which enabled callers to listen to the audio of unanswered iPhones, the Walkie Talkie app also allows an eavesdropper to listen to someone else’s iPhone.
The app is temporarily deactivated to allow Apple engineers find a solution and fix it.
Walkie Talkie app Introduced for the Apple Watch OS5
The Walkie Talkie app introduced last year works like a walkie talkie. It allows users to list themselves as available to chat. By holding down the Talk button on the Apple Watch, users are able to issue important voice messages to friends of their choosing.
Releasing the button allows the user to hear their friend’s voice immediately as they respond with a hearty message.
In a statement, Apple said “Although we are not aware of any use of the vulnerability against a customer and specific conditions are required to exploit it, we take the security and privacy of our customers extremely seriously.
We conclude that disabling the app was the right action as this bug could allow someone to listen through another customer’s iPhone without permission. We apologize again for this issue and the inconvenience.”
Apple has yet to give details on the nature of the mysterious bug nor has the company provided a timeline for providing a fix. Until then, its radio silence for users who use the app to take part in an audio chat via the device’s push to talk interface.
The mysterious flaw allowed the Walkie Talkie app to make an automatic connection between Apple devices. When activated, the app works properly until the user initiates an audio chat. At this point, a spinning indicator continuously loops without making a connection.
Bug Reported
The flaw was reported via Apple’s report a vulnerability portal. After initial investigations, Apple has confirmed that the flaw has not been exploited. In a statement sent to Tech Crunch, Apple apologized for the inconvenience.
Apple said: “We were made aware of a flaw related to the Walkie Talkie app and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible.”
The app remains installed while Apple works on a patch and it will resume functioning properly after the exploit is addressed.
FaceTime and Zoom Bugs
This comes after a flaw in Apple’s video conferencing tool, Zoom was discovered. The flaw left Apple Mac users’ webcam vulnerable to remote activation by clicking a link. Even if the user uninstalls the app, it can be re-installed remotely.
Discovered in March 2019 by Jonathan Leitschuh, a researcher, the flaw would allow malicious individuals to force users to remotely join Zoom calls by turning their Apple Mac webcam on automatically.
To fix the flaw, Apple has pushed a silent update. The silent update removes the hidden web server in Zoom which forced users to join a call without their permission.
Early in 2019, Apple had to deal with another embarrassing snooping bug in its popular FaceTime app. The flaw was reported on 9to5Mac, a news site. In fact, details were available on how to abuse the flaw.
Here is how malicious users would exploit the flaw:
-
- Call someone from contacts using FaceTime
- Once their phone rings, tap on “Add Person” to include another participant
While it may sound pointless, the flaw allowed a malicious user to hear audio feed from a contact who has not answered their call.
Thankfully, the flaw is already fixed.