Apple compensated a Tucson teen for discovering FaceTime security flaw

Apple has compensated a Tucson teen for discovering a now-resolved security flaw that allowed iPhone users to eavesdrop via FaceTime.

Grant Thompson, a freshman at Catalina Foothills High School, was awarded a sum of money for finding the bug and an additional “gift toward his education,” his mother, Michele Thompson told the Arizona Daily Star. Apple confirmed the award, according to multiple media reports.

Grant, 14, will use the entire reward to fund his college education, his mother said, though she did not disclose how much money Apple awarded her son. Apple did not respond to a request for comment from the Star.

In addition to the award, an Apple executive visited Grant in Tucson earlier this month, Thompson said.

The executive asked Grant and his mom some “very poignant questions” about the glitch discovery, thanked him for his work and answered questions he had about pursuing a career in the IT field.

“Grant also jokingly asked about when the next AirPods 2 were coming out,” Thompson said.

Grant discovered the security glitch last month while coordinating a game of Fortnite with his friends via FaceTime, Thompson said.

As Grant set up a group FaceTime call with his friends, he noticed something odd: he could hear one of them talking before he ever answered the phone.

“Everyone could hear what was happening, what was going on in the vicinity of the first friend’s phone … so (Grant) started talking to this first friend,” Thompson said. “And then the first friend said, ‘Grant? How can you hear me? I haven’t answered the phone!’ And (Grant) looked at his phone, and it looked like it was still ringing.”

Grant called his friends, sister and mom multiple times on FaceTime to see if the incident was a fluke. It was not.

“Each and every time it worked,” Thompson said. “So at that point, we started our quest to notify Apple in some fashion.”

Thompson said it took a few weeks to get in touch with Apple. She first filed an incident report, to which Apple did not reply.

From there, she posted vaguely about her son’s discovery on Facebook and Twitter, tagging Apple Support and Apple CEO Tim Cook in her various posts.

A couple of weeks passed, and she still hadn’t heard back. So she snooped a little deeper and found an email address for Apple’s product security department and their general counsel’s fax number. She sent both parties a message with her law firm’s letterhead.

Still, she heard nothing. She called Apple Support, and they told her to register online as an Apple developer so she could submit a bug report, even though she isn’t a developer. She followed their instructions and emailed the product security team again.

Thompson didn’t hear back from Apple until after national media outlets broke the news about the FaceTime glitch and traced the report back to her original tweets.

Apple reached out only a couple of hours before her and Grant’s first media interview with a reporter from the Wall Street Journal.

“We probably underestimated the amount of attention this would get and the seriousness of it,” Grant’s mother said.

“But looking back, we realized there were really significant privacy and security issues with what Grant discovered.”

Subscribe for just 99¢ per week
  • Support quality journalism
  • Get unlimited access to and apps
  • No more surveys blocking articles
%d bloggers like this: