Michele Thompson and her teenage son Grant Thompson tried to warn Apple about a FaceTime bug that allowed callers to listen in on unsuspecting recipients even if they did not answer a week before Apple took action.
Grant Thompson, 14, discovered the bug on January 19 when he called his friend Nathan, who did not respond, he told ABC News. When Thompson went to add another friend, Diego, to the call, the now-disabled group FaceTime feature immediately connected him to Nathan even though he hadn’t picked up.
Michele Thompson wrote to Apple on Twitter about the glitch and reported it to Apple Support. She repeatedly forwarded the bug to news organizations and posted a video of the glitch on YouTube.
The company did not disable the feature until Monday, January 28.
Here’s what you need to know:
1. Grant Thompson Discovered the FaceTime Bug on January 20 While Playing Fortnite
On January 20, Grant Thompson was playing the game Fortnite at his Tucson, Arizona home when he discovered the bug while calling his friends.
“I stumbled upon this glitch that like the whole world knows about now,” the teen told ABC News.
The bug affected FaceTime’s new group call feature. Thompson tried to reach his friend Nathan, who was not answering, so he added his friend Diego to the call and discovered that it immediately connected him to Nathan even though he had not picked up.
“Once I added Diego, it forced my first friend Nathan to join [the FaceTime call],” Thompson told ABC News. “He hadn’t answered yet, but it had that answering ring tone, and so I said, ‘Hey, Nathan, what’s up?'”
“He was like, ‘Grant? You can hear me?” Thompson recalled in the interview. “He told me that he never even answered the call, yet both of us could hear each other crystal clear.”
The three friends spent a half hour recreating what happened and the same issue occurred each time.
“We were all shocked,” Thompson said. “We realized this was an actual bug that forced people to answer the calls.”
Thompson said his mom Michele was skeptical of his discovery.
“At first she was pretty suspicious, she didn’t really believe that I found a glitch,” he said. “I used my phone, her phone and my sister’s phone to make my mom’s phone force answer, without ever clicking ‘Accept.’ And once that happened, she believed that I could really do this.”
2. Michele Thompson Reported The Bug to Apple a Week Before They Took Action
That same day, Michele Thompson tweeted Apple from her handle @MGT7500.
“My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval,” Thompson wrote, “I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews.”
Thompson told ABC News that she tried to get Apple’s attention by forwarding the issue to their bug bounty program, which offers rewards for finding glitches in its software.
“I knew [Apple] had a bounty reward program, they had a security manual that was 80 pages that I looked at,” Michelle Thompson told ABC News in an interview Tuesday night. “I didn’t know if this qualified, and by no means am I a tech expert.”
“I do wish they had a better process to let a citizen report a bug,” she added, “because it was a pretty complicated process.”
3. Thompson’s Tweets Were Discovered After Apple Disabled The Feature
It was not until January 28 that Apple disabled the Group FaceTime feature after reports of the bug flooded social media.
“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” an Apple spokesperson said in a statement to ABC News on Monday.
Twitter user John H. Meyer discovered Thompson’s tweet and other evidence she had posted after the news went viral.
Along with Thompson’s initial tweet, he posted a video she had uploaded to YouTube on January 23 showing how the bug worked.
“Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions,” Meyer wrote. “I’ve removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to.”
After speaking with Michele Thompson, Meyer wrote that she had also sent a formal notice to the company about the bug on January 25.
4. Apple Reached Out To Thompson Over a Week Later
Apple did not respond to Michele Thompson’s repeated alerts until January 28.
“It said, ‘Dear Michele, we’ve received your bug report. We like to give credit to those who find bugs on our website. We’d like to know what name you’d like us to use.’ And that’s all it said,” she told ABC News. “I think we’ve done our part, I reached out to them. I would love to talk with them further.”
5. New York Launches Investigation Into FaceTime Bug and ‘Slow Response’
On Wednesday, New York Governor Andrew Cuomo and Attorney General Letitia James announced the state would investigate Apple’s failure to notify customers of the bug and its “slow response” in addressing the issue.
“New Yorkers shouldn’t have to choose between their private communications and their privacy rights,” James said in the release.
Meyer told USA Today that he “was absolutely baffled” that Apple ignored Thompson’s repeated warnings.
When I learned very early this morning that this was discovered by a 14 year old, who’s mom then spent multiple days trying to bring this to attention at Apple, I was even more surprised (and quite angry),” he told the outlet. “Angry at the fact that she seemed to be ignored for quite a bit of time… While reporting an issue that could affect millions of people’s privacy, as well as our national security.”