Apple Says 'Walkie-Talkie' App Could Be Exploited to Spy on iPhones and Has Now Been Temporarily Disabled
An Apple Watch app used to send voice messages between devices has been disabled due to a vulnerability which could be abused to snoop on iPhones.
The official software, known as Walkie-Talkie, uses a "push to talk" function to let smartwatch users send and receive small snippets of audio. But the tech giant says a bug was recently found which could let someone listen to another user's iPhone without their permission.
Apple told TechCrunch, which first reported the security flaw, that it had no evidence the bug had been actively exploited by hackers and said a fix was now being developed for the app.
The firm said: "Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer's iPhone without consent. We apologize again for this issue and the inconvenience."
Technical details of the software issue have not yet been released.
TechCrunch reported the Walkie-Talkie software will not fully disappear from smartwatches but its primary functions will not work until a patch has been pushed to customers. Apple did not respond on the record to a request for comment asking when the app would again be available.
It's not the only bug that the Tim Cook-led company has been forced to respond to this week. On Monday, researcher Jonathan Leitschuh found an issue in the video conferencing software Zoom which let websites enable MacBook cameras without consent.
Zoom was criticized by cybersecurity experts for its response to the bug report, which it deemed low risk. The Verge reported this week that Apple is now taking action to remove the software at the center of the problem—a web server that was deployed onto MacBook computers, intended to circumvent a security feature and save end-users from having to go through an extra click.
Amid social media backlash, the video calling company pushed out its own update on Tuesday, saying in a statement: "We appreciate the hard work of the security researcher in identifying security concerns on our platform. As a result, we have decided to make the updates to our service." Once run, the fix would remove the web server entirely and let users manually uninstall Zoom.
In January, Apple was forced to take Group FaceTime offline after the discovery of a bug which could leak audio of another person—even if they didn't pick up the call, 9to5Mac reported at the time.