US House Democrats Demand Answers from Apple About Group FaceTime Eavesdropping Flaw

According to a new report from Bloomberg, Democrats on the House Energy and Commerce Committee have sent a letter asking Apple to explain how it handles security bug reports, following claims it responded slowly to a Group FaceTime privacy glitch.

The letter — penned by Rep. Frank Pallone Jr. (D-N.J.), chairman of the House Energy and Commerce Committee, and Rep. Jan Schakowsky (D-Ill.), chairwoman of the Consumer Protection and Commerce Subcommittee — said they’re “deeply troubled” by reports that the vulnerability could inadvertently or intentionally turn any Apple device into a listening device.

“We are writing to better understand when Apple first learned of this security flaw, the extent to which the flaw has compromised consumers’ privacy, and whether there are other undisclosed bugs that currently exist and have not been addressed,” the letter said (PDF).

The aforementioned vulnerability allowed FaceTime users to call another device and hear audio on the other end before the recipient answered the call and without the other user’s knowledge. The Cupertino company said Friday it will fix the vulnerability on its servers and that it would issue a software update to re-enable Group FaceTime sometime this week.

Pallone and Schakowsky ask Apple a number of important questions, including the following:

  • When did your company first identify the Group FaceTime vulnerability that enabled individuals to access the camera and microphone of devices before accepting a FaceTime call? Did your company identify the vulnerability before being notified by Mr. Thompson’s mother? Did any other customer notify Apple of the vulnerability?
  • Please provide a timeline of exactly what steps were taken and when they were taken to address the vulnerability after it was initially identified.
  • What steps are being taken to identify which FaceTime users’ privacy interests were violated using the vulnerability? Does Apple intend to notify and compensate those consumers for the violation? When will Apple provide notification to affected consumers?
  • Are there other vulnerabilities in Apple devices and applications that currently or potentially could result in unauthorized access to microphones and/or cameras?

Both Pallone and Schakowsky wrote that they didn’t “believe Apple has been as transparent as this serious issue requires.”

“While these are wonderful tools when used right, the serious privacy issue with Group FaceTime demonstrates how these devices can also become the ultimate spying machines,” Pallone and Schakowsky wrote.