Flaw in Apple Watch Walkie Talkie app allows attackers to spy on iPhone users

• A vulnerability in Apple Watch Walkie Talkie app could allow an attacker to eavesdrop on another iPhone user without their consent.
• Apple disabled the Walkie Talkie app and apologized for the bug and the inconvenience caused until it gets fixed.

On Thursday, Apple disabled the Walkie Talkie app on Apple Watch, citing an unspecified vulnerability that could allow an attacker to eavesdrop on another iPhone user without their consent.

The Walkie Talkie app for Apple Watch provides its users an ability to invite each other to communicate via audio chats through a “push to talk” interface. It provides an experience similar to the PTT buttons found on old cell phones and walkie talkie devices.

What is the issue?

The Walkie Talkie app on Apple Watch suffers from a serious vulnerability that can allow attackers to spy on iPhone users without their consent. Apple has not disclosed any specific details about the vulnerability.

The vulnerability in the Walkie Talkie app was reported to Apple through the company’s vulnerability portal.

Apple stated that there is no current evidence of the flaw being exploited in the wild. As a precautionary measure, Apple has chosen to disable the Walkie Talkie feature on Apple Watch until it is updated with a fix.

What did Apple say?

Apple has apologized for the bug and for the inconvenience caused to users who will be unable to use the feature until it gets fixed with an update.

“We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience,” read the statement from Apple, TechCrunch reported.

Worth noting

Earlier in January 2019, a critical vulnerability was discovered in the group calling feature of FaceTime that allowed users to listen and watch the person receiving the call even before they accept the call. Members of Congress and state authorities also raised concerns about Apple’s handling of the FaceTime bug.