Apple has disabled the Walkie-Talkie app on the Apple Watch. It happened after the company discovered a critical vulnerability in the app. As the name suggests, the Walkie-Talkie app allows users to place push-to-talk calls through a tweaked form of FaceTime Audio. Apple isn’t aware of the vulnerability having been used, and hasn’t provided any details of how it works beyond saying that “specific conditions and sequences of events are required to exploit it.”
This is not the first time a bug has been discovered in Apple’s FaceTime calling feature. Earlier this year, Apple confirmed that a bug allowed users to eavesdrop on others using FaceTime. The company has now disabled the Walkie-Talkie app due to a bug that allowed people to listen in on other iPhones. Apple has released a statement following the discovery of the bug.
Here’s Apple’s statement to TechCrunch:
We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.
Walkie-Talkie is an Apple Watch app that offers push-to-talk calls through a tweaked form of FaceTime Audio. It was added to the Apple Watch with last year’s release of watchOS 5. The app itself is still installed on users’ watches, but calls won’t go through.
This is the second time this year Apple has had to disable a FaceTime calling feature. In January, a vulnerability was discovered in the new group calling functionality that allowed people to listen in on devices before a call was picked up. Apple was slow to respond to that bug, which was reported to the company the week before it got wider attention.
It looks like Apple has been able to get out ahead of the issue this time round, however, and the timing is notable for another reason — just yesterday Apple took decisive action to remove Zoom’s web server software from Macs after the videoconferencing app had a major vulnerability bug of its own discovered.