Apple’s recent FaceTime bug has caught the attention of a group of concerned U.S. lawmakers who said they’re “deeply troubled” by the “significant privacy violation.”
The House of Representatives’ Energy and Commerce Committee and its sub-committee on consumer protection this week sent a letter to Apple CEO Tim Cook asking for more information about a range of issues related to the incident, and why the matter wasn’t dealt with more quickly.
The bug, which let FaceTime users eavesdrop on the person they were calling, hit the headlines at the end of last month, prompting Apple to disable the software’s group-call feature through which the flaw could be exploited.
But it soon emerged that Apple had been contacted multiple times about the issue by 14-year-old Grant Thompson and his mother in the week leading up to Apple’s acknowledgement of the bug’s existence. But the company never responded to their initial messages.
In the letter, the lawmakers said they were writing to “better understand when Apple first learned of this security flaw, the extent to which the flaw has compromised consumers’ privacy, and whether there are other disclosed bugs that currently exist and have not been addressed.”
The lawmakers then listed six questions on the above matters, adding that it was important for Apple to be transparent about its investigation into the FaceTime flaw and to make clear what steps it’s taking to protect consumers’ privacy.
Arizona resident Michele Thompson said her son, Grant, stumbled upon the issue by chance in mid-January when he was trying to contact friends using Apple’s video chat app. She said she attempted to contact the tech company a number of times — including emailing and tweeting Apple CEO Tim Cook — but received no response.
Thompson eventually made contact after setting up a developer account, saying later that Apple’s reporting process was “poorly set up, especially for the average citizen.” She told CNN that the experience of trying to contact the iPhone maker had been “exhausting and exasperating.”
An Apple executive has since met with the pair in person to discuss the issue while at the same time confirming that Grant is eligible for a cash reward via the company’s bug bounty program.
Apple said last week that it had fixed the vulnerability and would issue a software update this week to re-enable FaceTime’s group call feature. In a statement, the company insisted that “as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix,” adding, “We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.”
The lawmakers said they expect a written response from Apple by February 19.