MAJOR FaceTime Bug!

There is a new FaceTime bug that has been announced. The bug allows any third party to be able to hear the audio of another user’s device WITHOUT accepting the FaceTime call.

The steps are incredibly easy to perform also. I’m listing the steps below for educational purposes only. The steps to test this are below:

  1. Initiate a FaceTime video call with someone.

  2. While the call is ringing, swipe up from the bottom of the display.

  3. Tap on the “Add Person” button.

  4. Add your own phone number to the call.

There is no known fix at this time besides disabling FaceTime, which is what I recommend. Apple states that this will be addressed later this week. To disable FaceTime until this is patched, perform the following steps:

  • Open your Settings app
  • Go to FaceTime
  • The first option toggle switch will disable FaceTime.

 

Additional links and reading:

https://www.theverge.com/2019/1/28/18201383/apple-facetime-bug-iphone-eavesdrop-listen-in-remote-call-security-issue

 

EDIT: While this could have turned into a much bigger deal, Apple fixed this on the FaceTime servers by disabling the newly implemented Group FaceTime feature until a patch was released. Due to the quick response by Apple this wasn’t an issue for long.

 

UPnProxy

UPnProxy is an exploit that can be used by attackers to obfuscate attacks and perform illegal actions through a large proxy network of affected devices. UPnP stands for Universal Plug and Play. In short, UPnP was created to ease configuration of network devices. If a router has UPnP enabled a device can negotiate a port for it to get out to the internet without human interaction. There have been an abundance of security issues regarding UPnP, see a startling list of CVEs here.  Unfortunately, some devices are susceptible to accepting UPnP requests from the internet. UPnProxy takes advantage of UPnP across a router’s WAN connection enabling attackers  to use vulnerable devices for a number of purposes.

Akamai published a white paper in April of 2018. The article gives details of the history of the attack, affected devices, and remediation. In short, if your device is affected it is recommended to replace it, disable UPnP, or place a firewall in front of the device if replacement isn’t an option.  Note that disabling UPnP can make some services (such as gaming and streaming) not work properly without additional configuration.

Additional information can be found at a post titled “Hiding Through a Maze of IoT Devices” on @x0rz blog.

Steve Gibson also created a tool called ShieldsUp that can check your router/gateway against UPnP responses over the internet. Check that out here.

tl:dr – Visit Akamai’s white paper (link here) and see if your device is affected (pages 15-17). If your device is on the list, replace it.

 

EDIT: I want to piggyback some information onto this post. UPnProxy is being utilized further recently. UPnProxy: EternalSilence is mapping external ports to internal SMB ports to expose further vulnerabilities inside of a network. Akamai has posted a more recent article with this information.