Security
Headlines
HeadlinesLatestCVEs

Headline

iOS Bug Lets Apps Record Siri Conversations

Without even asking for permissions, the newly discovered ‘SiriSpy’ flaw in Apple’s iOS Bluetooth access could allow someone to access user interactions with Siri and keyboard-dictation audio.

DARKReading
#vulnerability#ios#apple

For anyone who thought their conversations with Siri were sacred and keyboard dictation recordings were secure, a new analysis found a flaw in the iOS Bluetooth that could allow someone to grab audio from both.

The find is from researcher Guilherme Rambo, who published details of an Apple iOS flaw he calls “SiriSpy,” tracked under CVE-2022-32946. It would let a malicious app that a user has been convinced to install eavesdrop on audio interactions with iPhones.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets,” Rambo wrote. “This would happen without the app requesting microphone access permission, and without the app leaving any trace that it was listening to the microphone.”

Rambo explained he regularly does cybersecurity research on AirPods, leading him to the find.

After alerting Apple to the vulnerability in late August, Rambo said on Oct. 24 that iOS 16.1, along with all of the other remaining Apple operating systems, were updated with a fix. Making the find even sweeter, Rambo added he’s been told by Apple he will receive a $7,000 bug bounty for his efforts.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related news

CVE-2022-32946: About the security content of iOS 16.1 and iPadOS 16

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August

DARKReading: Latest News

Non-Human Identities Gain Momentum, Requires Both Management, Security