Headline
Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
A now-patched security flaw in Apple’s iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected AirPods,” adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August
A now-patched security flaw in Apple’s iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri.
Apple said “an app may be able to record audio using a pair of connected AirPods,” adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.
Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.
“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets,” Rambo said in a write-up.
“This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.”
The vulnerability, according to Rambo, relates to a service called DoAP that’s included in AirPods for Siri and Dictation support, thereby enabling a malicious actor to craft an app that could be connected to the AirPods via Bluetooth and record the audio in the background.
This is compounded by the fact that “there’s no request to access the microphone, and the indication in Control Center only lists ‘Siri & Dictation,’ not the app that was bypassing the microphone permission by talking directly to the AirPods over Bluetooth LE.”
While the attack requires that the app has access to Bluetooth, this restriction can be trivially bypassed as users granting Bluetooth access to the app are unlikely to expect that it could also open the door to accessing their conversations with Siri and audio from dictation.
On macOS, however, the exploit could be abused to achieve a total bypass of the Transparency, Consent and Control (TCC) security framework, meaning any app can record conversations with Siri without requesting for any permissions in the first place.
Rambo said the reason for this behavior is owing to the lack of entitlement checks for BTLEServerAgent, the daemon service responsible for handling DoAP audio.
A software patch remediating this flaw is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. It has also been resolved in all supported versions of macOS.
The iOS 16.1 update, which was released on October 24, 2022, comes with fixes for a total of 20 flaws, including a Kernel vulnerability (CVE-2022-42827) that it disclosed as being actively exploited in the wild.
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Related news
Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.
Without even asking for permissions, the newly discovered 'SiriSpy' flaw in Apple's iOS Bluetooth access could allow someone to access user interactions with Siri and keyboard-dictation audio.
Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.
Categories: News Tags: iPhone Tags: iPad Tags: Apple Tags: zero day Tags: exploit Tags: bug Tags: threat Tags: CVE-2022-42847 A zero-day bug that affects iPhones and iPads is being exploited in the wild (Read more...) The post iPhone zero-day. Update your devices now! appeared first on Malwarebytes Labs.
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of