Apple again is making headlines this week, but not for a new, overpriced device. Unfortunately for iPhone users, the long-awaited group facetime will need to be put on hold once again. Apple acknowledged earlier this week that group facetime may be exploited to eavesdrop, and in some cases, see the other person before they answer the call and without their knowledge.
This exploit is performed by calling one person on facetime. Then, simply add another person to the call. When the third person is added, the person who started the call can hear and see the person they initially called. Ironically enough, Grant Thompson, a 14 year old Arizona boy trying to play Fortnite with his friends, initially discovered the bug. After confirming the bug, Grant’s mom, Michele Thompson tried to warn everyone and anyone about this massive privacy breach.
In the 9 days before Apple publically addressed the bug, Michele tried “everything she could think of to get Apple’s attention”, from emailing, calling, and trying to reach Tim Cook on social media, to faxing Tim with her law firm’s letterhead. Unfortunately, all of Michele’s efforts were futile. Michele next took social media and finally got the results she was looking for. Even though Apple ignored her, the millions of concerned Apple users across the nation did not.
After Apple’s social media roast, they finally acknowledged the exploit on an entire week later, Monday, January 28. In a statement released Tuesday, January 29, Apple confirmed that they have a fix for the issue and will roll out an update later this week to fix the bug entirely. The story here isn’t the bug itself, but rather the lack of accountability from Apple. Apple has channels accessible to report bugs, and often gives rewards and bounties. However, this bug bounty program is not easily accessible. In fact, many organizations that have these programs will not allow non-developers report bugs directly.
Because of Apple’s issue, it is likely many organizations will revamp their bug reporting systems that are currently in place. Based on what we’ve learned in class, what are the essential parts of a bug reporting system? What functionality will make it user friendly and more effective for organizations to patch bugs so this does not happen again?