“Why do you keep calling me with FaceTime instead of, you know, normal calls?” my Georgia Tech colleague Charles Isbell asked me the other week. “I don’t even mean to,” I answered. “For some reason, it just does it that way!”
We thought it was a nuisance that introduced confusion, ringing the phone in a different and unexpected way. But a serious FaceTime bug revealed on social media this week indicates that the service—Apple’s voice and video telephony software—could have been used for more nefarious ends.
The bug allows users to listen in on, or even watch, the person they are calling before that party has answered the call. It doesn’t even require any technical knowledge or esoteric hacking. As 9to5Mac showed, following a few simple steps to add the ringing call to a group chat is sufficient. Apple has taken the group-calling service offline until a software update can be provided. In the meantime, if you have an iPhone, it’s probably a good idea to turn off FaceTime until a fix arrives.
I can’t believe I’m saying that, but here we are. It’s not just significant because a giant, wealthy tech company introduced a bad and seemingly careless bug in the core software of the most important kind of computer on Earth. It’s also notable because the exposure, which is real, substantiates and mainstreams long-running paranoid fears about the inherent untrustworthiness of computer hardware. You know those paranoiacs who told you to cover your laptop camera with tape so hackers couldn’t spy on you? They were right, in a way: Your computer might be out to get you, even if it doesn’t mean to be.
Trustworthy is hardly a word many people use to characterize big tech these days. Facebook’s careless infrastructure upended democracy. Abuse is so rampant on Twitter and Instagram that those services feel designed to deliver harassment rather than updates from friends. Hacks, leaks, and other breaches of privacy, at companies from Facebook to Equifax, have become so common that it’s hard to believe that any digital information is secure. The tech economy seems designed to steal and resell data.
Apple has largely risen above this fray. The company makes most of its money from hardware sales, not advertising, so it has little reason to collect or cheat you out of your data. A 2014 leak of celebrities’ private iCloud photos offers an exception, but successful phishing attacks led to that breach, not a defect in Apple’s servers. Because Apple wants consumers to buy more phones more often, previous controversy has mostly been limited to accusations of planned obsolescence. Last year, Apple launched a low-cost battery-replacement program to make up for one such irritation. It would turn out to come at the worst time, as iPhone sales slowed, cratering Apple stock at the end of the year.
This FaceTime bug arrives on the heels of Apple’s apparent fall from grace, and that makes it a sign of something relatively new. Hardware and software systems are more complex than ever, and bugs are bound to arise. Most are accidental, the unexpected combination of instructions given by humans to computers, which do exactly what they are told. But given Apple’s billions of dollars in the bank and thousands of engineers, the public will lean hard on its promise of trust, which Tim Cook, the CEO, has used to distinguish his company from competitors such as Google and Facebook.
The paranoia will increase, too. Couldn’t the FaceTime exploit have been purposely added, as a backdoor for the government or for the lulz of a disgruntled engineer, some might wonder? Yes, that’s possible, if unlikely. (Apple has yet to respond to a request for comment from The Atlantic about the origins of the bug, but in an earlier statement, the company told journalists, “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”) The origins of the bug may not matter, because paranoia is a jealous sentiment: The moment it even seems possible that some dark force is out to get you, those who would embrace and amplify that worry won’t let it go. And all the other, justified worries about Big Tech only worsen that condition.
The bug should also raise concerns about the ongoing drive to turn everything that once worked well into a less reliable and secure, if more convenient, computational equivalent. FaceTime isn’t expressly necessary. It’s a convenient way to make calls, especially video calls, but there are others, such as Skype. FaceTime Audio does sound better than a traditional phone call, because it’s sampled at twice the rate, making higher-frequency voices and sounds more audible. That’s an improvement, but many people would prefer more certain privacy over being able to hear the sighs of the person on the other end of the telephone.
These services slowly seep into contemporary life, often without us even noticing what’s happening. I looked into why calls to my colleague Charles were routing through FaceTime; as best I can tell, I once used it to call him, probably when I had poor cellular coverage. Afterward, pressing the “audio” button, emblazoned with an old-school telephone handset, appears to have sent the call through FaceTime. Initiating a traditional call now requires many more button presses.
This is how snowballs form. A deliberate accident leads to a realization that FaceTime audio quality is better, which might inspire me to use it more often, and more deliberately. Eventually, as millions or billions of people do so, the relevance of the public switched telephone network might degrade, making Apple a telco as much as anything. (Microsoft aspired to a similar assault on telephony when it bought Skype and then transformed it into a corporate service.)
It’s unlikely that FaceTime will take over for telephone calls anytime soon, if ever. It’s a proprietary service of Apple, and the company needs a lot more of those services to keep consumers on its high-profit devices. But slow, steady change makes services proliferate. That’s how Facebook or Google or LinkedIn went from obscurity to necessity. You can’t buy a laptop without a camera that might or might not spy on you, and you can’t buy an iPhone without FaceTime. And with it, all the foibles and defects that service brings.
Eventually, and soon, Apple will release a fix for this bug. News about it will dissipate into the background, until eventually it will be largely forgotten. But behind the scenes, the issue will persist. Apple might be able to alter the behavior of FaceTime at the server level, but any changes that need to run on the client—that’s your iPhone—would still require that the user install the software update. If you (or someone else in your house) tend to put off updating to the latest version, you could still be at risk if the bug remains operative, or if other exploits arise. Often these sorts of problems encourage people to look for more security holes, whether for actual spying or just to amuse themselves by terrorizing the computer-using public with the fear of violation. And with every software update—arriving with increasing frequency—old problems vanish, but new ones also appear.
For another part, no matter its cause, this breach of trust will stack atop all the others that have come before, further eroding the foundation of computation. Times have changed for tech, and the default feeling people have for their devices and the services they provide is no longer eager excitement, but anxious concern. The paranoiacs were once on the fringes, spinning incredible tales of targeted persecution at the covert hands of corporate or government scoundrels. The truth turns out to be more boring, and therefore even more terrifying: When you constantly tweak computers and the software that runs on them in the hope of winning more customers using them more often, there’s more opportunity for something to go wrong.
There’s not much any one person can do about that state of affairs. You can obscure your laptop camera, but if you want to lead a normal and productive life in the world today, you can’t tape over your whole iPhone.
We want to hear what you think about this article. Submit a letter to the editor or write to firstname.lastname@example.org.