Grant Thompson, a 14-year-old in Arizona, is getting money for discovering the vulnerability. He stumbled upon the hack last month when he was calling a friend to play the video game Fortnite.
When his friend did not pick up the FaceTime call, he added a second friend to the group call, which caused the original call to “pick up” even though his friend did not answer.
The security flaw let Grant eavesdrop on the other line. He recreated the hack several times with his friends and his mom to confirm the existence of the bug, he said.
Now Apple is rewarding him for his discovery. The company said it would pay the Thompson family for reporting the bug and would also make a gift toward Grant’s education. Apple did not say how much it would give.
Appearing with his mom on CNBC this week, Grant said he was surprised to find the flaw before Apple did, adding that he would remain an iPhone user despite the bug.
“In general, I think that Apple tries to keep our privacy safe, and I respect that,” he said.
He was also asked whether his popularity at school has changed since Apple credited him with discovering and reporting the bug.
“Quite a few of my friends know of it and think it’s pretty cool,” he said.
Grant’s mom, Michele Thompson, said she called and emailed Apple to alert it about the bug days before its existence was reported in the media.
“We again apologise to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security,” Apple said.
Even as Apple rolls out a security fix for consumers, New York Attorney General Letitia James is investigating the company’s response to the FaceTime bug.
“This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years,” James said in a news release last month.
James appeared to implicitly reference the Thompson family, noting that reports indicated the existence of the bug were flagged to Apple “more than a week before it was shared widely with the media and the company took action”, according to the release.
James said her office would examine “Apple’s failure to warn consumers about the FaceTime bug and slow response to addressing the issue”.
- The Washington Post