The bug could easily be reproduced and exploited.
Apple has already disabled Group FaceTime, the feature that contained the bug, on its servers.
But you shoulddisable FaceTimeon your devices for good measure until Apple fixes the flaw.)
40% off TNW Conference!
Apple has one of most robust software development processes.
Each of its products go through extensive testing to check that they dont have functional or security flaws.
Its iOS App Store is one of the most secure online software markets.
But Apple is also a walled garden.
All its applications are closed-source, which means only its own developers and security experts analyze and test them.
Theres no independent review and testing of its applications.
For all its worth, it could have been an honest mistake.
Well never know because Apple has opted for security through obscurity.
We also dont know when the bug was introduced.
According to reports, the bug existed on any gadget running iOS 12.1 or later.
Its hard to imagine such an evident bug remaining undiscovered for such a long time.
Again, unless Apple decides to make the information public, well never know.
Had FaceTime been an open-source app, independent experts could have examined and vetted its code.
While open-source applications are far from perfectly secure, at least theyre perfectly transparent.
We would at least know that it was an honest mistake.
Neither can Google or Samsung or other manufacturers of smartphones.
Since their invention, telephones have evolved from mechanical devices to becoming fully featured computing devices.
And then he held up his iPhone and said, This is not a phone.
This is a computer that makes phone calls.
Schneier also said, complexity is the worst enemy of security.
Complex systems are hard to secure for an hours worth of reasons.
Computers and computer software are among the most complex systems.
An old telephone consists of a few dozens of parts.
An app like FaceTime possibly consists of hundreds of thousands of lines of code spread across hundreds of modules.
Finding and fixing flaws in voice call app is orders of magnitude harder than troubleshooting an old telephone.
Schneier also touched upon another important point: There are new vulnerabilities in the interconnections.
The more we connect things to each other, the more vulnerabilities in one thing affect other things.
Also, the FaceTime development team probably uses general-purpose libraries written by other programmers at Apple.
Code and component reuse is a common practice in software companies.
It saves time, it saves money and makes the entire development process much more efficient.
Thats the bigger and creepier threat that islooming large on the horizon.
What must we do?
Next, we must take measures to ensure the security of our products.
