Skip to main content

Your Siri conversations may have been recorded without your permission

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Single AirPods Pro in case.
Phil Nickinson / Digital Trends

The flaw was associated with Mac and iPhone or iPad products and had the opportunity for users to have their audio accessories hacked when using apps associated with audio due to the “app needing microphone access or showing that it was using the microphone,” Apple Insider said.

According to Rambo, he realized something was off when he experienced dips in audio quality while using Siri with AirPods on but not when using the microphone in this macOS device. However, the change in audio quality returned when he was in a video conference.

He tested his suspicions by writing a command-line tool called “bleutil” and discovered that the tool intercepted audio data for Bluetooth Low Energy devices connected to macOS products and also didn’t ask for microphone permission to access the system.

To further test the flaw, he created an app that could record users through Siri without requesting permission. The feature wouldn’t even register on a macOS Control Center, the only thing that would come up is “Siri & Dictation,” Apple Insider said.

The app was compatible with iPhone, iPad, Apple Watch, and Apple TV for iOS 15 and the latest iOS 16 beta at that time in late August.

The developer reported the flaw to Apple on August 26, which allowed the brand to investigate its source and find a fix, which was rolled out on the iOS 16.1 update for iPhones and the latest macOS Ventura update for computers. However, it remains unknown whether any bad actors got access to the flaw while it was still open.

Rambo got a $7,000 bounty from Apple for his efforts.

This isn’t Apple’s first run with Bluetooth issues on its devices. In March, the brand released an update for its macOS Monterey 12.3.1 to address Bluetooth and display issues that have been plaguing Mac owners for several weeks. In particular, the update was sent to fix a power management flaw with Bluetooth headphones.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Apple may soon eliminate the notch from your Mac and iPhone
An Apple MacBook laptop with the macOS Ventura background wallpaper and the notch seen at the top of the display.

So many Apple devices have the divisive notch cutout these days that the feature has almost become its own brand, yet it continues to stir disapproving glances and attempts to hide it wherever it's seen. Apple could now be on the brink of eliminating it for good.

That’s because the company recently filed a patent in Europe outlining how future Apple devices, from Macs to iPhones, could do away with the notch once and for all, giving you a borderless experience that’s unbroken around the screen. It’s a grand idea, and Apple thinks it knows how to make it work.

Read more
WWDC 2023: everything announced at Apple’s huge event
Promotional logo for WWDC 2023.

As regular as the tides, Apple’s Worldwide Developer Conference (WWDC) has become a big and highly anticipated part of our calendar. As is usual, this year’s keynote announcements will include all the usual improvements for iOS, iPadOS, watchOS, macOS, and more — but this year is also different, thanks to the reveal of a brand new area for Apple, the Vision Pro headset.

The keynote was jammed full of content, as usual, and there's plenty to talk about. Here's a recap of everything Apple announced at WWDC 2023!
Vision Pro VR headset

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more