Skip to main content

Your Siri conversations may have been recorded without your permission

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Single AirPods Pro in case.
Phil Nickinson / Digital Trends

The flaw was associated with Mac and iPhone or iPad products and had the opportunity for users to have their audio accessories hacked when using apps associated with audio due to the “app needing microphone access or showing that it was using the microphone,” Apple Insider said.

According to Rambo, he realized something was off when he experienced dips in audio quality while using Siri with AirPods on but not when using the microphone in this macOS device. However, the change in audio quality returned when he was in a video conference.

He tested his suspicions by writing a command-line tool called “bleutil” and discovered that the tool intercepted audio data for Bluetooth Low Energy devices connected to macOS products and also didn’t ask for microphone permission to access the system.

To further test the flaw, he created an app that could record users through Siri without requesting permission. The feature wouldn’t even register on a macOS Control Center, the only thing that would come up is “Siri & Dictation,” Apple Insider said.

The app was compatible with iPhone, iPad, Apple Watch, and Apple TV for iOS 15 and the latest iOS 16 beta at that time in late August.

The developer reported the flaw to Apple on August 26, which allowed the brand to investigate its source and find a fix, which was rolled out on the iOS 16.1 update for iPhones and the latest macOS Ventura update for computers. However, it remains unknown whether any bad actors got access to the flaw while it was still open.

Rambo got a $7,000 bounty from Apple for his efforts.

This isn’t Apple’s first run with Bluetooth issues on its devices. In March, the brand released an update for its macOS Monterey 12.3.1 to address Bluetooth and display issues that have been plaguing Mac owners for several weeks. In particular, the update was sent to fix a power management flaw with Bluetooth headphones.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
This little-known feature is my favorite part of using a Mac and iPhone together
Person using iPhone and MacBook.

Apple’s ecosystem attracts plenty of praise for how all the company’s devices work seamlessly together -- and rightly so. But among all the admiring glances cast toward AirDrop, Continuity Camera and Sidecar, there’s another feature that feels a little unloved -- yet it’s a superb perk of using multiple Apple devices together.

That feature is Universal Clipboard, a handy little timesaver that shuns the spotlight and simply works diligently in the background. Yet that simple nature -- it just works, as the saying goes -- is part of what makes it so great to use.

Read more
Own an iPhone, iPad, or MacBook? Install this critical update right now
IOS 16.4.1 UPDATE.

Apple has released software updates for iPhones and iPads that are light on features, but they are critically important from a security perspective. The updates — iOS 16.4.1 and iPadOS 16.4.1 — started rolling out on Friday, but you should install them on your iPhone and iPad as soon as possible to protect your devices from attacks.

In its official release note, Apple says the updates patch two security flaws that “may have been actively exploited.” Now, Apple doesn’t disclose security issues before conducting thorough research, both in-house and in collaboration with cybersecurity experts. In a nutshell, when Apple publicly announces a security flaw, and it comes with a “Critical Vulnerability” badge, you should grab the fix as soon as Apple makes them available.

Read more
One of the most exciting upcoming Mac releases may have been canceled
Members of the press photograph an Apple Pro Display XDR at WWDC 2019.

Apple's 27-inch, mini-LED display was expected to replace the $4,999 Pro Display XDR or possibly bridge the gap between the $1,600 Studio Display and the premium display. Unfortunately, the latest report suggests it has been canceled, leaving fans to speculate about why this highly anticipated product might never arrive.

Display Supply Chain Consultants CEO Ross Young, a typically reliable source of Apple supply chain information, shared the news via a subscriber-only tweet. 9to5Mac was first to pick up the story, noting that Young said despite suppliers shipping some of these advanced panels last year, the finished product has been "killed off."

Read more