Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

Tue, 01 Nov 2022 2:10:00 Dan

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri.

Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.

Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.

"Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo said in a write-up.

"This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone."

According to Rambo, the vulnerability relates to a service called DoAP that is included in AirPods for Siri and Dictation support. A malicious actor could craft an app that connects to the AirPods via Bluetooth and records the audio in the background.

More at https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html

About the author


Dan


I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable), so that everyone can see what happens behind the scenes while we use our electronic devices every day.