Grant Thompson, a 14-year-old high school student in Tucson, Arizona, just wanted to chat with friends and play some "Fortnite" when he discovered a major bug in Apple's popular FaceTime feature.
On Jan. 19, Thompson called his friend Nathan using FaceTime, but Nathan didn't pick up. So Thompson swiped up and added another friend, a move that instantly connected him with Nathan, whose phone was still ringing.
"We were pretty shocked at first because it was still ringing on his phone," he said in an interview. "After that we tested it for about half an hour to see if it worked every time."
It did. Thompson had discovered a bug that allowed him to force other iPhones to answer a FaceTime call, even if the other person doesn't take any action. Apple has since disabled the "Group FaceTime" feature, and a software update to fix the bug is expected to be released, but not before users expressed widespread shock at the flaw in an Apple device typically known for security.
Thompson brought his discovery to his mother, Michele Thompson, a lawyer. She could hardly believe it herself.
"I was doubtful," she said. "He showed it to me on my iPhone and it worked."
For the next week, Michele Thompson, 43, tried to notify Apple of the flaw through a variety of avenues, many of which were dead ends.
"It was very frustrating getting them to respond," she said. "I get it. I'm sure they get all sorts of kooks that try to report things to them."
Yes. We turned it off on our iPads yesterday. I never use FaceTime anymore - we usually chat with the kids through facebook messenger video Ive got the microphones and video turned off on pretty much every app anyway, and just turn it on when I need it.
I just texted my mom the instructions PJ listed above, with very little comment. In looking at my text, it totally looks like one of those spam-y things and she's probably not going to believe it was me!
Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up.
The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact with the company before the bug was discovered elsewhere and went viral on social media.
The payout will fall under Apple’s bug bounty, which incentivizes security researchers to claim a reward for privately submitting security bugs and vulnerabilities to the company. Apple will also offer an unspecified additional gift to Thompson’s education.