Apple disables Walkie-Talkie Watch app due to eavesdropping vulnerability

Apple Watch Walkie-Talkie
  • Save

Apple today disabled the Walkie-Talkie app on the Apple Watch after that company discovered a vulnerability that could allow other people to listen in on other iPhones. The company did not elaborate on how the vulnerability is being exploited aside from stating that “specific conditions and sequences of events are required to exploit it.”

The company told TechCrunch:

We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.

Apple has apologised for the bug and for the inconvenience of the inability to use the app while it attempts to plug the problem. The app will remain installed on devices but will not function until Apple has sorted out the issue. Apple was alerted of the bug via its “report a vulnerability” portal.

The Walkie-Talkie app on Apple Watch allows two users to communicate via “push to talk,” once both party mutually accept invitations.

Earlier in the year, teenager Grant Thompson discovered the FaceTime group calling vulnerability. Apple eventually fixed the bug and rewarded Thompson with a bug bounty.

It’s no secret that Apple takes privacy and security seriously, as it continues to walk to talk. Earlier today, it quietly pushed a Mac update to remove a feature of the Zoom conference app that allowed it to bypass Mac restrictions to provide a smoother call initiation experience. The very feature allows emails and websites to add a user to an active video call without their permission.

Copy link
Powered by Social Snap