Undocumented (previously hidden) spy agency function?
You might want to disable FaceTime on your iPhone, iPad, or Mac until Apple patches this bonkers bug. Folks have confirmed it is possible to call someone via FaceTime, and secretly listen in on their iThing or Mac's microphone before they accept or reject a call. It's a handy, creepy way to find out what someone's up to before …
I found the mix of Linux and Apple to be the best combination for what we do.
One offers me decent backbone stability and the option to tweak what I want (with the caveat that local tweaks may hurt that stability :), the other gives me a good graphics oriented desktop that speaks Open Standards by default (although you have to use the resvport option to get an NFS mount going) and that I can let loose on end users without immediately drowning in support calls.
That said, this is a VERY bad bug. Thanks to continuous assault on our rights I am very wary of these things, and this one is so bad it almost looks deliberate as it's trivial to activate. Heck, this is intercept capabilities for beginners - *seriously* bad.
1. Lineage OS, uses the android stack but removes the google blobs unless you reinstall them. This generally works, but offers little Linux functionality. You must have a phone in a specific list, with only flagships from each generation and popular devices included.
2. Sailfish, which has more Linux and no android, and offers some Linux functionality but is mostly incompatible with the Linux functionality of a Linux desktop. You must have a phone in a specific list, with only flagships from old generations included.
3. Ubuntu touch, which was promising until it was dropped, and is now maintained by a random group of people, meaning who knows what it will be like tomorrow. But it does do Linux, and well. For now. You must have a phone in a specific list. The list is very short. Expect installation to take forever, plus a lot of typing. Good luck.
I really wish there were better options.
Nah just the software isn't being used in the way their software team expected
I don't think so. I had a ping that this "feature" has been known for at least 3 months by some parties who are not quite as diligent to pass on bugs to the manufacturer, they use them instead for fun and profit.
The best way to have a confidential meeting is still without any electronics, but given that we are living in a world where people find it normal to have Google Home and Amazon Alexa listening to their every word I have the impression that people have gone numb to the risks.
Yes, but it depends on your level of paranoia.
The people we use for client office bug sweeping are at the top of their game, ex intelligence and they cost serious money and they literally take everything apart (assuming they don't fail the room for being impossible to secure - that has happened). If you're willing to pay for that, fine - security is always a battle between budget and level of risk you're willing to accept..
I haven't seen it yet for either MacOS and iOS.
I looked at the security reference for iOS 12.1.3 and MacOS 10.14.3 a few days ago, and that only fixed a possible remote execution risk for FaceTime, not a your-neighbour-can-do-this intercept problem.
That said, I do think that a lot of staff will be busy fixing this one so I expect a beta soon - I can see my iPad already pulling in a beta update (I have one non-essential iOS device on betas so I can see the updates coming before they go public).
iOS 12.1.3 came out recently, but it does NOT contain the fix for this. The short term fix is Apple disabling the new group Facetime calling option that made this bug possible, in a few days we'll get 12.1.4 to address it (and a rev of the 12.2 beta for developers) and then they'll be able to re-enable group Facetime.
Not necessary, the trigger for the bug were the recent changes Apple made to allow group Facetime calls. They've already disabled those, so exploits are no longer possible. Once the update has been out a few days and people have had time to install it, they'll re-enable group Facetime.
As far as I know, an iPhone tracks every incoming call. The Imazing iOS management application for MacOS does more than just versioned, automated backups (although that's what I mostly use it for), it also backs up your call records and makes them accessible.
Call records include everything including FaceTime, so if you look at calls which aborted quickly you'll probably get an idea if you've been hit by this.
Worth a peek IMHO.
At least there will be a fix and rolled out to all.
The various android devices I have are all on different, old and with known vulnerablities versions without any way of updating beyond hope.
My i thinks are all up today and some of them are quite old for a consumer product.
Biting the hand that feeds IT © 1998–2019