Apple is now facing a formal investigation over its FaceTime eavesdropping bug.
New York Attorney General Letitia James announced the probe on Wednesday, saying Apple failed to warn people about the security flaw and didn’t address the issue quickly.
Apple’s FaceTime feature suffered from a security vulnerability where callers could eavesdrop on recipients, even if the person receiving the call didn’t pick up the phone. It worked by exploiting an issue with Group FaceTime and adding a third person onto the call.
The tech giant said a fix would be coming soon and has temporarily disabled the Group FaceTime feature until then.
The investigation will focus on Apple’s response to the FaceTime bug. The attorney general’s office is accepting public complaints about the vulnerability on a hotline at 1-800-697-1220.
“New Yorkers shouldn’t have to choose between their private communications and their privacy rights,” James said in a statement. “This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years.”
Apple didn’t respond to a request for comment about the investigation.
The bug became public knowledge on Monday after 9To5Mac reported it, but a mother in Arizona said she’d been trying to warn Apple for over a week before it was shown to the world. Michele Thompson, an attorney in Arizona, said her 14-year-old son discovered the security flaw while trying to play Fortnite with his friends on Jan. 19.
She said had reached out to Apple multiple times after that — by phone calls, emails, messages on Facebook and Twitter, reporting it to the company’s product security team and at one point, sending a fax.
Thompson said it was difficult to report the bug to Apple, and she tried her best to get the flaw in front of the company before it got out to the public.
Group FaceTime has been available since late October, when Apple rolled out the feature on iOS 12.1. The feature let up to 32 people join in on the same video call.
The investigation is also backed by New York Gov. Andrew Cuomo, who called the “egregious bug” a “serious consumer rights issue.”
“We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again,” Cuomo said in a statement. He warned consumers about the bug on Monday.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
NASA turns 60: The space agency has taken humanity farther than anyone else, and it has plans to go further.