The latest updates for iOS and macOS have fixed a serious security flaw that could allow apps with Bluetooth access to record conversations with Siri.
An app was able to record a person's conversations with Siri and the audio of iOS keyboard dictation when using AirPods or a Beats headset. This was done without the app needing access to the microphone or showing that it was using the microphone. Developer Guilherme Rambo found the flaw and reported it to Apple on August 26. The vulnerability, listed as CVE-2022-32946, was patched on October 24 with iOS 16.1 and macOS Ventura.
SiriSpy
Rambo was initially surprised by the audio quality of the AirPods when using Siri, saying that there is no loss of quality when using the microphone, whereas there is usually a drop in quality during video conferences, for example. He got to the bottom of the matter using the command line tool "bleutil" that he developed, which lets him interact with Bluetooth Low Energy devices on macOS. During testing, the developer found that the tool intercepted audio data from the AirPods while using Siri and that it did not require microphone permission from the system. So in late August he wrote an app for iPhone, iPad, Apple Watch and Apple TV that runs on both iOS 15 and the latest iOS 16 beta. Using the app to test the vulnerability, Rambo found that an app with Bluetooth permission could record the user in the background without requesting permission.
How you can protect yourself
In Control Center, only "Siri & Dictation" was shown as the running feature instead of the app. In this case, the only way to protect conversations on iPhones and Macs is to update to the latest software, which is iOS 16.1, iPadOS 16.1, and macOS Ventura. Updating is the best and most common advice in the world of security. Updates for apps and operating systems almost always contain fixes for security vulnerabilities found in older software versions.