Apple has discovered a vulnerability in its smartwatch that could allow users to eavesdrop on iPhone conversations.
The Walkie Talkie app on the watch works through two users pressing a ‘push to talk’ button after which they can then leave each other short messages. But, operators of the app must both consent for it to work.
However, fear arose that by using this app handlers had the potential to listen in to other people’s iPhone calls without them giving their permission.
Upon realisation, the tech giant disabled the app and apologised to its customers over the issue.
The flaw is currently being fixed and although still on the device, the app will not work until it has been updated.
Apple gave a statement saying: “We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible.”
The tech company found out about the flaw through a report on its vulnerability portal, but says that there have been no actual exploitations they are aware of.
Apple continued to say: “Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.”
In January this year, a bug was discovered in Apple’s Facetime app that also allowed people to listen in on conversations without having consent.
This bug has since been fixed but, when active, it had the potential to trigger the microphone on a targeted iPhone, even when the person did not answer.
Non-consensual access to webcams
Similarly, this week, Apple’s video conference calling platform, Zoom, announced they too had discovered a bug that could let hackers commandeer people’s personal devices – this time through their webcams.
Software engineer, Jonathan Leitschuh, stated that the issue cannot be fixed through uninstalling the app.
He continued to say that 750,000 companies around the world, and 4 million webcams, are at risk.
This bug works through an invite for a video call being sent to an individual. That party doesn’t even have to accept it for it to then force its way on to, and use, that person’s webcam.
Not enough being done
Despite this issue originally being reported in March, Leitschuh suggests that Zoom did not do enough to fix the problem.
He wrote: “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner.
“An organisation of this profile and with such a large user base should have been more proactive in protecting their users from attack.”
It’s thought Apple is trying to silently remove the problem with Zoom. The Walkie Talkie app is still being fixed.