After a serious privacy bug was discovered in FaceTime earlier this year, creating a major debacle with lawmakers and users, it looks like Apple isn’t taking any chances when it comes to potential eavesdropping vulnerabilities. The company has discovered a similar bug in the Walkie Talkie app on the Apple Watch, and this time it’s proactively shut down the Walkie Talkie service to hopefully avoid a repeat of the same furor that arose earlier this year.
According to TechCrunch, Apple has been made aware of a bug that could allow someone to listen through another user’s iPhone without their knowledge or consent. As a result, the company has disabled the use of the Walkie Talkie app, which, like FaceTime, runs conversations through the company’s servers.
“We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.”
Apple, in a statement to TechCrunch
Apple said that it was made aware of the vulnerability privately via its reporting system, and it sounds like it’s learned its lesson and improved its processes after the end user report of the FaceTime eavesdropping bug took over a week to reach the right people at Apple.
Apple has responded in this case in the same way as it did with FaceTime; since all communications are channeled through the company’s servers, it can simply disable the service on the back-end, rendering the Walkie Talkie app unable to actually establish a connection to other users. The app itself will remain on users’ devices, and Apple plans to re-enable the feature once it can push out a fix.
One thing that’s not entirely clear is Apple’s comment that the bug “could allow someone to listen through another customer’s iPhone” (emphasis ours), since the Walkie Talkie app only runs on the Apple Watch. We’re assuming Apple misspoke here, as it seems rather odd that the watchOS-only Walkie Talkie app would have any connection with the microphone on a user’s iPhone. It’s also possible that Apple was speaking about the actual streamed audio data travelling through the iPhone from the Apple Watch, and not specifically to the iPhone capturing the audio by itself.
Unlike the FaceTime bug earlier this year, Apple has had to disable the Walkie Talkie service in its entirety. The FaceTime eavesdropping bug was specifically related to the Group FaceTime feature that debuted in iOS 12.2, allowing Apple to disable only that aspect of the FaceTime service, while leaving person-to-person FaceTime calls untouched. It’s probably also fair to say that considerably fewer users will be inconvenienced by the temporary unavailability of the Walkie Talkie feature, although Apple has apologized to those who are, promising to restore the feature as soon as possible, which will probably come in the form of an iOS and watchOS update to patch the flaw.