Apple

FaceTime Bug Discovered by Teen, Reported a Week Ago

The teenager stumbled on the FaceTime bug ahead of a 'Fortnite' session.

Michael Kan

Guest Writer

Reporter

January 30, 2019 3 min read

This story originally appeared on PCMag

The embarrassing FaceTime bug was reportedly discovered by a 14-year-old teenager and reported to Apple about 10 days ago.

The Arizona high school freshman, Grant Thompson, stumbled on the bug while attempting to FaceTime his friends before a Fortnite gaming session, according to The Wall Street Journal.

As he added members to the group chat, Thompson realized he could hear the audio from his friends' devices, even though they hadn't agreed to join the FaceTime session. The teenager then told his mother, an attorney, about the spying danger posed by the flaw.

"Short of smoke signals, I was trying every method that someone could use to get a hold of someone at Apple," Thompson's mother, Michele, told the Journal in an interview.

Michele called an Apple support representative, who responded by telling her to register as an Apple developer and submit the flaw to the company's "Bug Reporting" program, which she did. In addition, Michele began tweeting about the problem to media outlets.

My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews
— MGT7 (@MGT7500) January 21, 2019

She also tried to notify Apple executives on social media and through a formal letter. "@tim_cook This is real...trying to get Apple's attention to get this addressed. I'm just a mom of a teenager who found a huge problem in your new update," she tweeted on Jan. 21.

What prevented Apple from taking her reports seriously isn't clear. So far, the company hasn't commented about the origin of the bug. But the whole episode underscores the need for tech companies to make it easier to report serious glitches in their products, according to Marten Mickos, CEO of HackerOne, a bug bounty platform.

"Even if millions of people find nothing to report, and thousands may report something that isn't really a bug, it still is worth it when just one person finds and can describe the bug," Mickos said in an email.

Michele Thompson said on Twitter that she's hoping her son will get credit for finding the FaceTime vulnerability, and receive a payout from Apple's Bug reward program. "I owe it all to my 14-year-old. He's amazing. Tried to do the right thing by reporting it privately to Apple. I guess I'll scream it next time," she tweeted.