Has any law enforcement authority abused the FaceTime bug? We don't know.

A major security breach was discovered in the popular app FaceTime: an Apple Application that allows you to voice chat with your friends and engage in video conferences. How was the bug used? Well, that was quite easy: all you needed to do was call a friend, and before he answered his phone, open a conference. This was sufficient to turn his phone into a smart listening device.

Now, this bug is a big fault: it means that any Apple device was a de-facto listening device. It does not mean that Android is free from these bugs: it means that it was just discovered in Facetime and similar bugs are to happen later.

What we do not know is whether any law enforcement or security authority knew about this bug. If, for example, the Israeli secret service knew about the bug and paid a hefty sum for it, it means that it was able to wiretap people without sending his operatives to install listening devices. It also means that they were irresponsible and left all of us unprotected in order to abuse this vulnerability.

Zero day vulnerabilities, meaning security vulnerabilities that are not disclosed to vendors, are something we deal with every day. Sometimes they are used by hackers and sometimes they are used by governments. But never have I heard of such a wide vulnerability that may have been used by a government that has such an adverse effect if not patched. I just want to hope that this is not the case.

Whether people used this vulnerability or not is a matter or national security sometimes, and we may never know about it. What we do know, is that if this happened is that our governments left us unsafe in order to abuse it. It that did happen, something has to change about the way governments may use zero-day vulnerabilities.