APPLE has disabled a major feature on the Apple Watch after learning it could be used to spy on iPhone owners.
The Walkie-Talkie app – which has now been switched off – could remotely listen in to an iPhone through its microphone, Apple has warned.
Apple has apologised for the privacy blunder, and says it is now working on a fix.
However, the company hasn’t released full details of the bug, which means it’s impossible to know exactly how it worked.
“We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue,” said Apple in a statement.
“We apologise to our customers for the inconvenience and will restore the functionality as soon as possible.”
The bug makes use of the Walkie-Talkie feature, a relatively new Apple Watch app that lets you voice-chat with other smartwatch owners.
It was added last year with the release of watchOS 5, and is only supposed to allow willing participants to chat with each other.
But an unknown flaw means that the feature obviously didn’t work as intended, and could be exploited by snoopers.
“Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously,” explained.
“We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent.
“We apologise again for this issue and the inconvenience.”
The Walkie-Talkie app is still installed on Apple Watch smartwatches, but calls will no longer go through.
Apple Watch privacy bug – what do the experts say?
Here’s insight from Brian Higgins, security specialist, Comparitech.com:
- “This is another alarming example of the ‘sell it first and fix it later’ attitude that the major tech firms take towards their consumers.
- “It’s become common business practice to launch unsafe and poorly tested software into the world and companies like Apple are happy to take the reputational hit when users report back to them that they’ve failed to secure their product yet again.
- “It’s all very well ‘quietly pushing out’ updates but it’s manifestly unfair on the end user to expect them to do the job their [developer cybersecurity] teams should be doing for them.
- “If Apple invested in some [developer cybersecurity] for a change, people might feel slightly better about them the next time this happens.”
The gaffe comes just months after Apple was forced to disable a FaceTime calling feature due to a major privacy flaw.
In January, it emerged that FaceTime Group Calling could be exploited to let snoopers listen in on an iPhone owner.
Apple was criticised at the time for being too slow to respond to the bug.
However, it appears to have acted much quicker with the Walkie-Talkie flaw.
And only yesterday, Apple deleted Zoom server software from all Macs globally after an entirely separate bug.
The issue – which was a problem with the Zoom video chat app rather than with Apple’s own software – let crooks turn Mac webcams on remotely.
The series of blunders will be very concerning to Apple execs, because the firm has tried hard to brand itself as being more privacy-conscious than rivals.
Apple even took a dig at Google and Amazon with a giant data privacy billboard at January’s CES 2019 tech convention.
We’ve asked Apple for more information about the incident and will update this story with any response.
Check out our full review of the new Apple Watch 4.
Read about how a man’s life may have been saved by the revolutionary Apple Watch ECG feature.
And find out what to expect from the rumoured Apple Watch 5.
Do you trust your gadgets to protect your privacy? Let us know in the comments!