14-year-old’s FaceTime bug discovery could rattle Apple

‘I’m only 14 and I found it by accident, instead of the people at Apple that get paid to find glitches’

At the heart of Apple’s shocking FaceTime bug, which allowed just about anyone to turn an iPhone into a live microphone, stands a 14-year-old boy who stumbled upon the eavesdropping flaw more than a week before Apple took action.

“The thing that surprised me the most was that this glitch happened in the first place,” said Grant Thompson, a high school freshman in Tucson, Arizona. “I’m only 14 and I found it by accident, instead of the people at Apple that get paid to find glitches.”

Not only that, but Grant and his mom said they spent a week unsuccessfully trying to get Apple to do something about the bug in its FaceTime group-chatting feature.

“It took nine days for us to get a response,” he said. “My mom contacted them almost every single day through email, calling, faxing.” Of the fax, he jokes, “I’m not even sure what that is. It’s probably older than I am.”

This eavesdropping scare is over now that Apple has disabled group chats, but the problem could dog the company for much longer. New York state officials have opened a consumer rights investigation. Others are raising questions about how long it took Apple to address the bug.

In a statement Friday, Apple thanked the Thompsons as it announced that it has identified a fix and will release it next week. FaceTime group chatting will resume then.

Grant, a straight-A student who plays basketball, does community volunteering and enjoys the video game “Fortnite,” was calling friends to play the game on a Saturday night, Jan. 19, when he discovered the flaw.

“If a 14-year-old kid discovered it, I wonder how many other people discovered it,” said Chris Wysopal, chief technology officer with the security firm Veracode.

Apple hasn’t said whether it has records that could answer that question.

Friday’s statement said Apple’s engineers worked quickly once it got the details needed to reproduce the bug. Although Apple didn’t acknowledge a delay, the company said it was “committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible.”

The company — at first widely praised for its swift response — could come under increased scrutiny as regulators seek to learn more about the vulnerability.

New York Attorney General Letitia James and Gov. Andrew Cuomo said Wednesday that they’re investigating “Apple’s failure to warn consumers about the FaceTime bug and slow response to addressing the issue.”

They said the bug jeopardized the privacy of New York consumers by allowing callers to activate another person’s microphone remotely even before the person has accepted or rejected the call. James said her office’s review will include a “thorough investigation into Apple’s response.”

Last October, Apple introduced the 32-person video conferencing feature for iPhones, iPads and Macs. With the bug, a FaceTime group-chat user calling another Apple device could hear audio — even if the receiver didn’t accept the call. The bug was triggered when callers turn a regular FaceTime call into a group chat, making FaceTime think the receiver had accepted the chat.

In Grant’s case, he had just gotten his Xbox ready and called to invite a friend, Nathan, to play “Fortnite” with him online.

“You can swipe up and add another person, so I added another friend of mine, Diego, to see if he also wanted to play,” he said. “But as soon as I added Diego, it forced Nathan to respond.”

They were shocked at first, then tried to repeat the bug and it happened every time, he said. His mother, Michele Thompson, said she started trying to reach Apple the next day.

“They could have tested it within two minutes, realized it was true and brought it up the chain at Apple,” said Thompson, who works as an attorney. “There needs to be a better process for the average citizen to report things like this. And a timelier response.”

She eventually reached someone who advised that she could register as a software developer to submit the bug. Such reports can sometimes lead to “bug bounties” so that those who discover a flaw can get a financial reward. The family hoped Grant could receive such an award, or at least some credit, for his discovery.

“Every day he would ask me, ‘Did we hear from Apple yet?’” she said.

The family tried reaching Apple through multiple channels. They left comments on Twitter, one of them directed to CEO Tim Cook, and uploaded a video to walk Apple engineers through the problem. But it wasn’t until a tech blog reported the flaw earlier this week — leading many people to experiment with the spying bug themselves — that Apple took the unusual measure of temporarily shutting down the group-chat feature.

Apple has declined to say when it learned about the problem. The company also wouldn’t say if it has logs that could show if anyone took advantage of the bug before it became publicly known this week. The company reached out to the Thompson family on Tuesday offering to give some public credit for their efforts, according to an email Michele Thompson shared with The Associated Press.

“It would be cool to just have Apple say thanks to me,” Grant Thompson said before Friday’s announcement from Apple. “And of course, the bug bounty, that would be pretty awesome to get, but as long as we got rid of this pretty groundbreaking bug, and Apple said thank you, that would be pretty cool.”

Matt O’Brien, The Associated Press
