Eavesdropping flaw prompts Apple to suspend Walkie-Talkie app
Apple has suspended use of the Walkie-Talkie app in the Apple Watch until the company fixes a recently discovered vulnerability that could let someone listen to a person’s iPhone without permission, news site TechCrunch reported.
The Walkie-Talkie app allows people who accept an invitation to talk with friends in real time without the hassle of making a phone call. Parties press a button when speaking and release it to hear what the other party says. Apple introduced the feature last year as part of its WatchOS 5 update.
Apple told TechCrunch that the flaw could allow someone to listen through another party’s iPhone without consent. Apple didn’t provide specifics of the vulnerability or exactly how it could be exploited. The company said it learned of the vulnerability through its vulnerability reporting page. Apple apologized for the temporary suspension while engineers investigate and fix the issue.
In a statement issued to TechCrunch, Apple representatives wrote:
“We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.”
The Walkie-Talkie suspension comes four months after Apple came under sharp criticism for its handling of an eavesdropping vulnerability in the FaceTime messenger app. FacePalm, as the vulnerability came to be known, allowed people to listen to audio from another device simply by initiating a FaceTime call and using a widely used Group feature for conference-call-style chats. While people on the receiving end saw a call was coming through, they had no idea that the person trying to connect could already hear nearby audio and, in many cases, see video from the device’s camera.
Apple failed to take action on the bug for more than a week after receiving emails from a woman who reported that her 14-year-old had found the vulnerability. Apple finally patched the flaw after word of it spread virally on social media and attracted attention from New York Attorney General Letitia James.
On Wednesday, Apple pushed a silent update for Macs that removed a risky Web server installed by the Zoom video conferencing app.