s********7
发帖数: 1280 | 1 小札是否可以出来踩俩脚 报一下厨师的仇
An Arizona teenager and his mother spent more than a week trying to warn
Apple Inc.(AAPL) of a bug in its FaceTime video- chat software before news
of the glitch -- which allows one FaceTime user calling another in a group
chat to listen in while the recipient's Apple(AAPL) device is still ringing
-- blew up on social media Monday.
In the days following their discovery, the pair posted on Twitter and
Facebook, called and faxed Apple(AAPL), and learned they needed a developer
account to report the bug. They eventually traded a few emails, viewed by
The Wall Street Journal, with Apple's(AAPL) security team.
But it wasn't until word of the bug started spreading more widely on social
media that Apple(AAPL) disabled the software feature at the heart of the
issue.
Michele Thompson said her 14-year-old son, Grant, discovered the issue Jan.
20. She said it was frustrating trying to get the attention of one of the
world's largest technology companies,
"Short of smoke signals, I was trying every method that someone could use to
get a hold of someone at Apple(AAPL)," said Ms. Thompson, 43, who lives
with her son in Tucson.
The bug, revealed while Apple(AAPL) is touting its commitment to user
privacy to distinguish itself from other big tech companies, affects
FaceTime software running on iPhones, iPads and Mac computers. It isn't
clear when the glitch originated, though it affects a multiperson video-chat
function called Group FaceTime that Apple(AAPL) launched in October 2018.
On Monday, New York Governor Andrew Cuomo took the unusual step of issuing a
consumer alert on the issue. "The FaceTime bug is an egregious breach of
privacy that puts New Yorkers at risk," he said in a statement.
Apple (AAPL) disabled the Group FaceTime feature late Monday. A spokeswoman
said late Monday Apple was aware of the issue and expected to release a
software fix this week.
Informed of Ms. Thompson's claims Tuesday morning, the spokeswoman declined
to comment further.
Grant, a high-school freshman, was setting up a FaceTime chat with friends
ahead of a "Fortnite" videogame-playing session when he stumbled on the bug.
Using FaceTime, Mr. Thompson found that as he added new members to his
group chat, he could hear audio from other participants, even if they hadn't
answered his request to join the chat.
He was surprised. That gave him a way of listening in on people without
their consent while calls were ringing, a period that typically lasts less
than a minute.
Grant did what any responsible teenage security researcher would do: He went
to mom. "I was interested to see if we could report to Apple(AAPL)," Grant
said.
Starting Sunday of last week, Ms. Thompson posted Twitter and Facebook
messages she hoped would be seen by Apple's(AAPL) social-media or support
team. She followed with a now-deleted Twitter message to Apple(AAPL) Chief
Executive Tim Cook. But Tuesday, she had faxed and phoned the company
directly.
Ms. Thompson finally spoke with an Apple(AAPL) support representative that
day about the bug. "He called me back and he really had no information," she
said. "He said there's really nothing I could do. You have to register as a
developer and submit it."
Apple's (AAPL) Bug Reporter program requires a person to sign in with an
Apple ID and a developer account, according to the company's website.
Ms. Thompson, who is an attorney, registered herself as an Apple(AAPL)
developer to participate in the program. Since 2016, Apple(AAPL) has paid
out cash bounties to researchers who discover significant bugs. Ms. Thompson
hoped she might secure a payout for her son, she said.
While companies are increasingly adding bug-bounty programs, they aren't
always integrating them with their social media and support teams, said
Katie Moussouris, CEO of Luta Security Inc., which advises companies on such
programs. " Apple(AAPL) has a good reputation for having solid engineering,
but that doesn't mean that the intake process is completely worked out,"
she said.
According to emails viewed by the Journal, Ms. Thompson heard back from
Apple's(AAPL) security team on Wednesday, Jan. 23. At around 11:15 p.m. on
Friday, she emailed them a description of the issue, along with a link to a
YouTube video in which she and her son demonstrated how to exploit the bug.
Late yesterday, Apple(AAPL) disabled the group chat function in FaceTime
after news of the bug was made public on social media. Security experts
recommend disabling FaceTime until Apple(AAPL) issues a patch; the company
expects to issue one later this week.
Ms. Thompson said she doesn't know how the bug was made public.
She isn't sure whether she or Grant will get a bounty or even a thank-you
note from Apple(AAPL) for their efforts. "It's just hard for the average
citizen to report anything," she said.
Write to Robert McMillan at [email protected] |
|
