Apple Disables Walkie-Talkie App Due to Eavesdropping Flaw | Threatpost

Apple has temporarily disabled the Walkie-Talkie feature on the Apple Watch due to a vulnerability that could allow potential attackers to eavesdrop on iPhone calls, according to a TechCrunch report.

The Apple Watch Walkie-Talkie app allows users to converse with friends in real time, without having to make a phone call, simply by pressing a button on their watches, talking into it, and releasing to listen for the reply. Apple added the feature to the watch in 2015 in its WatchOS 5 update.

The bug could allow someone to listen through another customer’s iPhone without consent, Apple told TechCrunch. Further details about the specifics of the vulnerability and how it could be exploited have not yet been made public; however, Apple did confirm to TechCrunch on Thursday that it has disabled the feature on Apple Watch while it works to fix the issue.

According to Apple’s statement to the tech outlet, “We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible.”

Apple said in its statement that it is not aware of any use of the vulnerability against a customer, and that specific conditions and sequences of events are required to exploit it. According to reports, the flaw was discovered and reported through Apple’s vulnerability portal on its website.

The issue is similar to another Apple incident earlier this year, in which the phone giant had to make Group FaceTime temporarily unavailable following a major flaw discovered in the feature.

The bug – which has since been fixed – allowed anyone with iOS to FaceTime other iOS users and listen in on their private conversations, without the user on the other end rejecting or accepting the call. The bug made use of a new function introduced in FaceTime as part of iOS 12.1, called Group FaceTime.

Beyond that issue, Apple has also dealt with an array of vulnerabilities across its products in the past few months, including an iMessage bug last week that could brick iPhones running older versions of the company’s iOS software, and a flaw disclosed in June that allowed hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave.

Apple did not respond to a request for comment from Threatpost asking for further details about the vulnerability and timeline of the fix.
