Armis Stops New FaceTime Vulnerability

By Tal Tzhori & Hilit Yurman

Apple prides itself on its security. At CES, it even promoted the line “What happens on iPhone stays on iPhone.” So it was unexpected when reports surfaced about a vulnerability in FaceTime that lets people eavesdrop on group FaceTime chats.

The vulnerability, found in iOS 12.1, was so easy to exploit and so far-reaching that experts recommended turning off FaceTime, government agencies started investigations, and even Apple itself disabled the group chats feature.

Apple says it’s fixed the problem and will push out a software update to affected users soon. However, as the story broke, Armis worked side by side with our clients and partners to let them know if they were exposed. Armis lets you take inventory of impacted devices specifically running the impacted versions of iOS 12.1.x.

Armis Lets You See Impacted Devices

This is a simple query from Armis that took less time to return results than it took you to read this sentence.

Armis Lets You See FaceTime Traffic

We went a step further and peered into the traffic to detect actual FaceTime usage on those devices:

Some clients chose to create simple policies within Armis that alert the appropriate IT/Security personnel and even block those devices automatically from the corporate network.

Armis detects vulnerabilities like these automatically, and mitigates the risk to help keep what happens in your business inside your business. We regularly work with our customers to make sure these capabilities like these are integrated into the platform as soon as new vulnerabilities are disclosed. Armis can now:

• Identify Apple devices on the network running vulnerable versions of iOS
• Detect FaceTime traffic on the network, and associate that traffic with vulnerable devices
• Apply a new, higher risk score to affected devices found on the network
• Alert security teams when FaceTime an affected device is using FaceTime
• Enforce policies that block network access depending on risk and/or activity

This is the kind of real-time visibility – and mitigation – Armis brings. We deliver the ability to see and take action in a world of connected devices. Devices that sometimes have unexpected vulnerabilities.