Apple has temporarily disabled the ‘Walkie Talkie’ iOS app for Apple Watch after a vulnerability was revealed that could allow a third party to eavesdrop on your iPhone.
The app lets two users who accept invites from each other to send and receive audio chats by way of a ‘push to talk’ interface not unlike ‘PTT’ buttons on ’90s-era cellphones.
Here’s Apple’s statement on the vulnerability and their decision to disable the app:
We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.
“Apple was alerted to the bug via its report a vulnerability portal directly and says that there is no current evidence that it was exploited in the wild,” Matthew Panzarino at TechCrunch reports:
The company is temporarily disabling the feature entirely until a fix can be made and rolled out to devices. The Walkie Talkie App will remain installed on devices, but will not function until it has been updated with the fix.
Earlier this year a bug was discovered in the group calling feature of FaceTime that allowed people to listen in before a call was accepted. It turned out that the teen who discovered the bug, Grant Thompson, had attempted to contact Apple about the issue but was unable to get a response. Apple fixed the bug and eventually rewarded Thompson a bug bounty. This time around, Apple appears to be listening more closely to the reports that come in via its vulnerability tips line and has disabled the feature.
Earlier today, Apple quietly pushed a Mac update to remove a feature of the Zoom conference app that allowed it to work around Mac restrictions to provide a smoother call initiation experience — but that also allowed emails and websites to add a user to an active video call without their permission.