No doubt everyone is now familiar with the Apple FaceTime group calling bug that was highlighted on the internet this week. But did you know that a 14-year-old boy first stumbled upon the bug, which allows eavesdropping, as early as a week before the first blog discussing it came to light?
Grant Thompson, a 14-year-old high school freshman in Tucson, Arizona, stumbled upon the bug on January 19th whilst trying to play Fortnite. As the story goes, Grant set up his Xbox One and called his friend Nathan to join him in the game. He then dialed Diego, another friend, to check on him too. This is when the bug was triggered, allowing Grant to overhear the microphone feed from Nathan even when the recipient didn’t pick up the call.
He tried the same thing several times to verify that it was actually happening, and once he was sure about it, he asked his mother, Michele Thompson, to report the bug to Apple before it became a key vulnerability. In fact, as Michele states, she tried to contact Apple for nine straight days via fax, calls, emails and even tweets to Apple and to Tim Cook (CEO, Apple), all to no avail.
Someone suggested reporting the bug after registering as a software developer, which could win Grant a bug bounty, and that’s when the report about the bug went live on the internet. Only then did Apple acknowledge Michele’s bug reports and thank her.
Apple has since disabled the group calling feature and will be pushing out software updates as early as next week, when the 32-person group calling feature will be enabled again. Michele also points out that a 14-year-old boy was able to exploit the bug, which means there might be other instances of such eavesdropping too.
As of now, Apple has only thanked Michele and Grant for the discovery and has provided a little credit for it too, but there’s no hint of a bug bounty of the kind companies offer developers who find bugs in their software and systems. Anyhow, Grant said that he is still happy to have received a thank-you note from Apple, although winning a bug bounty would have been ‘pretty awesome’.