Apple’s new FaceTime software for Macs, which lets Mac users video chat with iPhone 4 and iPod Touch FaceTime users, apparently has a gaping security hole which could compromise your Apple ID password, the site MacNotes reports.
Once you’ve logged into the FaceTime software, you can easily see all of the account settings for the Apple ID used to connect — including the username, ID, place and birth date, as well as the security question and its answer. All of the information is available in plain text (completely unsecured) and you’re not asked to re-enter your password to view it, something which is fairly standard for account security. Using the birth date and security question information, anyone can change the password of the corresponding Apple ID.
The other major issue is that FaceTime apparently doesn’t forget your password when you log out. Upon restarting the application, your password remains in the password field — something which shouldn’t happen without your approval in any application.
How can you protect yourself? Aside from avoiding the FaceTime software for now, which is an early release that’s still in beta testing, you could also set a master password on your computer so that nobody can log in to your system without your permission. General common sense security also applies: It’s yet another reminder why you should never leave your computer running in a public space.
Apple will surely fix the security hole at some point, but until it does you should be extra careful with FaceTime on your Mac.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.