A pair of members of the U.S. House of Representatives have sent a letter to Apple CEO Tim Cook demanding answers to questions related to the Cupertino firm’s Group FaceTime security problem.
House Energy and Commerce Chairman Frank Pallone (D-NJ) and Representative Jan Schakowsky (D-IL) sent a letter to Cook asking about the origins of the bug, and its impact on customer privacy. The duo also asked about the possibility of other issues with the service that hasn’t been publicly announced.
The letter also suggests Apple has been less than transparent about the investigation into the FaceTime security flaw, and that the company has failed to disclosed detailed steps that are being taken to protect consumers.
The duo asked the following of Cook:
- When did your company first identify the Group FaceTime feature’s vulnerability that enabled individuals to access the camera and microphone of devices before accepting a FaceTime call? Did your company identify the vulnerability before being notified by Mr. Thompson’s mother? Did any other customer notify Apple of the vulnerability?
- Please provide a timeline of exactly what steps were taken and when they were taken to address the vulnerability after it was initially identified.
- What procedures and testing were in place, and what procedures are now in place, to identify such vulnerabilities prior to the release of a consumer product? Why did those procedures fail in this case? What steps are being taken to improve pre-launch testing in the future?
- Why did it take so long for Apple to address the Group FaceTime feature vulnerability once it was discovered and reported to Apple by Mr. Thompson’s
- What steps are being taken to identify which FaceTime users’ privacy interests were violated as a result of this vulnerability? Does Apple intend to notify and compensate those consumers for the violation? When will Apple provide notification to affected consumers?
- Are there other vulnerabilities in Apple devices and applications that currently or potentially could result in unauthorized access to microphones and/or cameras? If so, how is Apple addressing each such vulnerability?
Reports of a major Group FaceTime security flaw first surfaced last week on Twitter. The bug affects users of iOS up to the latest version available to the public. The security flaw allows a FaceTime caller to eavesdrop on another user, even if that user doesn’t accept the call. In some cases, the callers can even see video from the other person’s iPhone.
Apple disabled the Group FaceTime service on their servers as a stop-gap solution until the bug could be fixed. The iPhone maker announced last week that an iOS update would be released this week that would fix the problem.
Representatives Pallone and Schakowsky ask Apple to respond to their questions in writing by Feb. 19.