Apple has temporarily switched off the Walkie-Talkie app on the Apple Watch, after it discovered a vulnerability. The flaw could have led to eavesdropping on iPhone users.
Launched in 2018, the Walkie-Talkie app turns Apple Watches into push-to-talk (PTT) walkie-talkies: users send instant voice messages to each other by holding down an icon on the device's touch screen. The smartwatch's microphone and speaker are used during the call.
Apple said it did not know of any incidents where the vulnerability was used to eavesdrop on its customers, but it has suspended use of the app until a fix has been made and issued via a software update. The company was alerted via its 'report a vulnerability' website, and says that eavesdropping would only occur if the Watch user performed a certain sequence of events in specific circumstances.
In a statement sent to TechCrunch late on July 10, Apple said: "We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible."
In a bid to reassure Apple Watch owners, the iPhone maker added: "Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer's iPhone without consent."
This vulnerability is similar to a bug discovered in the group calling feature of Apple's FaceTime video chatting app earlier in 2019. Discovered by teenager Grant Thompson, who at first didn't receive a response after reporting to Apple, the bug made it possible for a caller to listen in to the recipient before they accepted the call.
The disabling of the Watch app came just hours after Apple quietly pushed out a Mac update to remove a feature of the Zoom conference call service that allowed Zoom to circumvent Mac restrictions and reinstall its app after deletion without the user's permission. The feature also allowed any website to drop a Zoom user into a video call and activate their webcam, without permission.