In this file photo, the logo of FaceTime, second in the second row from top, is pictured on an iPhone screen in Berlin on Jan. 29, 2019.

A 14-year-old found Apple’s FaceTime bug before it went viral

Odd Andersen/AFP/Getty Images

Fourteen-year-old Grant Thompson was just trying to play video games with friends on a day off from school when he made an alarming discovery: a bug in Apple's FaceTime tool that could turn iPhones into eavesdropping devices.

On Monday, more than a week later, Apple disabled its Group FaceTime feature after other users detected the bug and posted videos of it in action on social media.

Apple told CNN Business in a statement it identified a fix for the issue and plans to roll out a software update later this week.

In the nine days between Grant discovering the bug and Apple publicly addressing it, Grant's mom, Michele Thompson, said she tried everything she could think of to get Apple's attention. She emailed, called, tweeted at CEO Tim Cook and even faxed a letter on her law firm's letterhead.

An attorney in Tucson, Ariz., she wanted to make sure Apple fixed the problem before it fell "into the wrong hands."

On Jan. 20, she posted about the issue on Facebook and Twitter: "My teen found a major security flaw in Apple's new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff!"

She was careful not to share too many details on social media, so people wouldn't know how to recreate it.

On Friday, Grant's mother emailed a bug report and a video to a representative in Apple's Product Security department. Ms. Thompson hadn't heard back before the bug's discovery blew up on social media.

"It's exhausting and exasperating," Ms. Thompson said of the reporting process. "It's very poorly set up especially for the average citizen. I feel like I went above and beyond."

Her son discovered the glitch when he FaceTimed a friend who didn't pick up. He swiped up on his iPhone to add a friend to the Group chat, a feature that until it was disabled worked on iPhones and iPads running iOS 12.1, and Apple PCs running macOS Mojave.

Grant realized he could hear everything coming through the first friend's iPhone, even though that person hadn't answered. The friends immediately tried to recreate what happened. In some cases, users said, the bug could even access a recipient's camera.

"We tested a few more times and found out we could get people to force answer FaceTime calls," Grant told CNN Business. "After we confirmed that it worked, I went and told my mom."

A freshman in high school, Grant told CNN Business he's "pretty into technology and stuff," and thinks it would be cool if Apple acknowledged his find.

Like many tech companies, Apple has a bug bounty program that offers financial rewards for some discoveries. The program, launched in 2016, pays up to $200,000 for detecting bugs, but some third-party companies will offer more.

Bug reports go through Apple's developer site, but the company told Ms. Thompson nondevelopers can use it. However, most companies don't have a public-facing way to report these types of bugs.

"Apple has a clear reporting channel, and even pays rewards for certain bugs -- a.k.a. bug bounties -- but these channels are likely only obvious if you're in the security industry and already know where to go to report. [It's] not so clear for consumers," Katie Moussouris, the CEO of Luta Security, which helps companies and governments work with hackers, said in an email. "Except in this case, the customer support team and the social media team (and whoever got that fax) didn't quite know how to remove obstacles and friction from the reporting process."

It's important for companies and government agencies to have a public-facing way to report bugs, according to Marten Mickos, CEO of HackerOne, a cybersecurity firm that connects security researchers with companies.

"Even if millions of people find nothing to report, and thousands may report something that isn't really a bug, it still is worth it when just one person finds and can describe the bug," Mr. Mickos said.

Apple did not respond to a request for comment about the Thompsons' bug report or if other users flagged the issue.

"Even if the bug had gotten to the right people on day one after discovery, under normal operations, the investigation alone might take a few days or longer for complex issues, let alone creating and testing a fix," said Ms. Moussouris.

Mr. Mickos said giving rewards serves a good purpose, such as setting a good example for everyone else and showing the company values cybersecurity.

After detecting the bug, Grant told his mom he was hoping to get a MacBook Pro, an iPhone X and some AirPods as a reward for spotting the bug. Although she said they didn't report the issue for a reward, she believes Apple should acknowledge her son.

"Apple should reward people for reporting things of this nature -- not just reward the developers or the people who are savvy with tech," said Thompson. "I think just thanking him would be great," she said.

First Published: January 31, 2019, 10:30 a.m.
