Apple could reward teenager who discovered Group FaceTime exploit via its bug bounty program
Tuesday February 5, 2019. 12:15 PM , from Power Page
It looks like the teenager who discovered the Group FaceTime audio bug could be rewarded by Apple’s bug bounty program.
One week after social media picked up on a FaceTime exploit that allowed callers to eavesdrop on a recipient before the call is picked up, the original discoverer has been visited by an unnamed Apple executive.
“They also indicated that Grant would be eligible for the bug bounty program. And we would hear from their security team the following week in terms of what that meant,” said discoverer Grant Thompson’s mother Michele Thompson. “If he got some kind of bug bounty for what he found we’d certainly put it to good use for his college because I think he’s going to go far, hopefully. This is actually a field he was interested in before and even more so now.”
In an interview with CNBC’s Squawk Box, Grant stated that he will continue to use Apple’s product. He also stated that “every now and then something like this just falls through the cracks and can be found.”
Michele Thompson declined to identify the Apple executive in question.
The exploit has allowed users to begin hearing a FaceTime recipient’s audio prior to the call being accepted. When the call is “ringing,” the party can add themselves to the call as a third party by tapping Add Person and entering their own phone number. If properly executed, a Group FaceTime call is started and the original recipient’s audio begins to stream before the call is accepted.
Since the discovery of the bug and its drawing negative attention as of last week, Apple has disabled Group FaceTime, apologized for the bug, and stated that a fix is due this week.
Apple’s bug bounty program was announced in 2016, offering thousands of dollars as a reward to people discovering vulnerabilities in its products and services. The bounties range from $25,000 for access from a sandboxed process to user data outside of that sandbox to $200,000, awarded for secure boot firmware component discoveries.
It is unclear where on the scale the FaceTime bug sits on the scale, but it is likely to be on the lower end of the range overall.
Stay tuned for additional details as they become available.
May, Tue 21 - 03:35 CEST