Apple’s Group FaceTime bug that went viral Monday, allowing callers to listen in on unsuspecting recipients took the world by surprise. But someone actually tried to warn the electronics giant about it. Last week.
A Twitter user by the handle of @MGT7500, and identified by The Wall Street Journal as Michele Thompson, wrote on the social media platform on Jan. 20, tagging Apple’s Support page as well as Fox News to try and attract media attention.
“My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval,” Thompson wrote, “I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews.”
After news of the bug went viral Monday night, fellow Twitter user John H. Meyer discovered Thompson’s tweet, reaching out and sharing the video evidence that the bug was, indeed, exploitable last week.
According to the Journal, the bug was discovered by Thompson’s son Grant while he was playing “Fortnite” and FaceTiming with friends.
More: Worried about FaceTime eavesdropping bug? How to disable the app
More: Apple FaceTime bug lets people eavesdrop on your iPhone or Mac without your knowledge
Meyer, a venture capitalist at Transpire Ventures, tells USA TODAY in a Twitter direct message that after quickly looking over Thompson’s profile he realized “that she’s been trying for a week to bring attention to this by tweeting at Apple and many different news orgs,” with Meyer eventually speaking with Thompson over the phone Tuesday morning.
In subsequent tweets, Meyer, who has over 9,100 followers on the platform and is a “verified” user, shared additional information. Thompson, Meyer says, is an attorney based in Arizona and the mother of a 14-year old who discovered the bug “around” Saturday, Jan. 19.
While Thompson tweeted at Apple on Jan. 20, she also sent a formal notice to the company on Jan. 25 alerting them of the bug. Meyer shares screenshots provided by the mother, including an email sent to Apple’s firstname.lastname@example.org email address that the company lists as a way for users to report issues to the company.
The email notes it includes a link to the private, unlisted YouTube video posted on Jan. 23 demonstrating the exploit.
In subsequent tweets, Thompson says that Apple wanted her to register as a developer to submit the bug report, which she did even though she is not “tech savvy.”
Meyer even shared a screenshot of the bug report the mother sent to Apple on Jan. 25.
In responding to other users on Twitter, the mother notes that while she wanted her son to be rewarded for discovering the bug — some tech companies offer thousands of dollars to people who report issues as an incentive — she says that she did call and fax the company details of the exploit.
After news of the bug went viral Monday Apple finally disabled Group FaceTime late Monday night. The company said in a statement provided to USA TODAY and other media outlets Monday night that it is “aware of this issue and we have identified a fix that will be released in a software update later this week.”
Apple did not immediately respond to a request for comment from USA TODAY when asked about Thompson’s attempts.
As for Meyer, he says he was “was absolutely baffled that this could be the case.”
“I thought it was fake at first, before I then successfully replicated the issue by calling my girlfriend. When I learned very early this morning that this was discovered by a 14 year old, who’s mom then spent multiple days trying to bring this to attention at Apple, I was even more surprised (and quite angry),” he writes in a Direct Message message with USA TODAY.
“Angry at the fact that she seemed to be ignored for quite a bit of time… While reporting an issue that could affect millions of people’s privacy, as well as our national security,” noting that government workers use iPhones.
Follow Eli Blumenthal on Twitter @eliblumenthal