According to foreign media reports, the US House Energy and Commerce Committee wrote a letter to Apple CEO Tim Cook, hoping that he would answer six questions about his video calling software FaceTime eavesdropping vulnerability.
The letter was signed by Energy and Commerce Chairman Frank Pallone, Jr. and Chairman of the Consumer Protection and Business Subcommittee Jan Schakowsky.
The committee said in the letter that they were deeply disturbed by the emergence of this vulnerability and Apple's reaction time to this vulnerability.
This letter to Cook himself questioned Apple's response to the FaceTime vulnerability too slowly. A week before the security breach was announced, 14-year-old Grant Thompson informed Apple of the vulnerability.
The US House Energy and Commerce Committee wants to know more:
“We are deeply disturbed by recent media reports. According to these reports, it took Apple a long time to resolve a serious privacy-invasive vulnerability discovered by Grant Thompson in its FaceTime software. Therefore, we wrote this letter to better understand the time when Apple first learned about this vulnerability, the extent to which the vulnerability compromised consumer privacy, and whether there are other vulnerabilities that have not yet been disclosed and resolved. ”
The letter raised six specific questions, including when Apple first discovered the vulnerability and whether other users, besides Thompson, reported this to Apple.
In addition, the committee wanted to learn more about what tests Apple tested before it released new features and why they failed to identify the Group FaceTime vulnerability. Cook was also asked if there were other vulnerabilities in Apple devices and applications that could allow people to use microphones and cameras without authorization.
Here are six questions that the US House Energy and Commerce Committee hopes Cook answers:
- When did your company first discovered a Group FaceTime vulnerability that allowed individuals to access their camera's camera and microphone before they answered the FaceTime phone? Did your company confirm this vulnerability before Thompson’s mother informed you about the company? Are there other users who have also notified Apple of this vulnerability?
- Please provide a specific timeline indicating what steps your company is prepared to take after initial confirmation of this vulnerability and when to take action to address the vulnerability.
- What processes and test steps have your company developed before releasing consumer products, and what processes have been developed to detect these vulnerabilities? Why are these loopholes not found in these processes? What measures your company is preparing to take to improve future testing before product release.
- Why did it take so long for Thompson's mother to find and report the Group FaceTime feature vulnerability to Apple?
- What steps is your company taking to determine which FaceTime users' privacy has been violated by this vulnerability? Does Apple intend to notify these consumers and compensate them? When will Apple send notifications to affected consumers?
- Are there other vulnerabilities in Apple devices and applications that allow people to use the microphone and camera without authorization?
This is not the first time Cook has faced a review by the US House of Representatives Energy and Commerce Committee. Last summer, the committee sent Cook a list of questions about iOS location and “嘿, Siri”. In January last year, US lawmakers asked Cook about iPhone speed limits and battery explosions.
The chairman of the US House Energy and Commerce Committee hopes that Cook will respond by February 19, 2019. In general, an Apple representative will answer questions on behalf of Cook.