Apple disables Walkie Talkie app for Apple Watch over eavesdropping vulnerability

by
Xeni Jardin
from on (#4JYWM)
Story Image

Apple has temporarily disabled the 'Walkie Talkie' iOS app for Apple Watch after a vulnerability was revealed that could allow a third party to eavesdrop on your iPhone.

The app lets two users who accept invites from each other to send and receive audio chats by way of a 'push to talk' interface not unlike 'PTT' buttons on '90s-era cellphones.

Here's Apple's statement on the vulnerability and their decision to disable the app:

We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer's iPhone without consent. We apologize again for this issue and the inconvenience.

"Apple was alerted to the bug via its report a vulnerability portal directly and says that there is no current evidence that it was exploited in the wild," Matthew Panzarino at TechCrunch reports:

The company is temporarily disabling the feature entirely until a fix can be made and rolled out to devices. The Walkie Talkie App will remain installed on devices, but will not function until it has been updated with the fix.

Earlier this year a bug was discovered in the group calling feature of FaceTime that allowed people to listen in before a call was accepted. It turned out that the teen who discovered the bug, Grant Thompson, had attempted to contact Apple about the issue but was unable to get a response. Apple fixed the bug and eventually rewarded Thompson a bug bounty. This time around, Apple appears to be listening more closely to the reports that come in via its vulnerability tips line and has disabled the feature.

Earlier today, Apple quietly pushed a Mac update to remove a feature of the Zoom conference app that allowed it to work around Mac restrictions to provide a smoother call initiation experience - but that also allowed emails and websites to add a user to an active video call without their permission.

Read the full story:
Apple says it has temporarily disabled the Apple Watch Walkie Talkie app, due to a vulnerability that could allow iPhone eavesdropping, while it works on a fix [@panzer for techcrunch.com via techmeme.com]

Our primary use of the Apple Watch walkie-talkie is Becky screaming CODE BROWN at me when it's time to change a diaper, this is very disappointing https://t.co/OzTDuKmYgp

- nilay patel (@reckless) July 11, 2019

Due to a security vulnerability, the Walkie-Talkie app on Apple Watch is currently disabled. The issue bears similarities to this year's FaceTime exploit, except in this case Apple's bug reporting processes seem to have worked as intended. https://t.co/rPTtWTiGL2

- Ryan Christoffel (@iryantldr) July 11, 2019

Apple has disabled the Walkie-Talkie app on the Apple Watch after a security vulnerability allowed iPhone eavesdropping. Looks like another big flaw in FaceTime protocol after group calling bug. Reminder: Jobs promised to make FaceTime an open standard https://t.co/2wLyERmkkK pic.twitter.com/rTZ1L2U10u

- Tom Warren (@tomwarren) July 11, 2019

External Content
Source RSS or Atom Feed
Feed Location http://boingboing.net/rss
Feed Title
Feed Link http://boingboing.net/
Reply 0 comments