Skip to main content

Your Siri conversations may have been recorded without your permission

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Single AirPods Pro in case.
Phil Nickinson / Digital Trends

The flaw was associated with Mac and iPhone or iPad products and had the opportunity for users to have their audio accessories hacked when using apps associated with audio due to the “app needing microphone access or showing that it was using the microphone,” Apple Insider said.

According to Rambo, he realized something was off when he experienced dips in audio quality while using Siri with AirPods on but not when using the microphone in this macOS device. However, the change in audio quality returned when he was in a video conference.

He tested his suspicions by writing a command-line tool called “bleutil” and discovered that the tool intercepted audio data for Bluetooth Low Energy devices connected to macOS products and also didn’t ask for microphone permission to access the system.

To further test the flaw, he created an app that could record users through Siri without requesting permission. The feature wouldn’t even register on a macOS Control Center, the only thing that would come up is “Siri & Dictation,” Apple Insider said.

The app was compatible with iPhone, iPad, Apple Watch, and Apple TV for iOS 15 and the latest iOS 16 beta at that time in late August.

The developer reported the flaw to Apple on August 26, which allowed the brand to investigate its source and find a fix, which was rolled out on the iOS 16.1 update for iPhones and the latest macOS Ventura update for computers. However, it remains unknown whether any bad actors got access to the flaw while it was still open.

Rambo got a $7,000 bounty from Apple for his efforts.

This isn’t Apple’s first run with Bluetooth issues on its devices. In March, the brand released an update for its macOS Monterey 12.3.1 to address Bluetooth and display issues that have been plaguing Mac owners for several weeks. In particular, the update was sent to fix a power management flaw with Bluetooth headphones.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
My hopes for a new iMac Pro have been dashed — for now
An Apple iMac Pro in a dark room flanked by two monitors, one on either side of it.

Apple’s iMac Pro has been shrouded in mystery ever since it was discontinued in 2021. Over the past year, it has swung back into the news as numerous leakers and analysts have claimed a new one is coming soon. But when exactly? That’s far from certain.

Now, though, we might have moved a little closer toward knowing, and it’s not great news if you’ve been hoping for an imminent update. That’s because reporter Mark Gurman’s latest Power On newsletter has outlined Apple’s plans for 2024 -- and the iMac Pro is conspicuous by its absence.

Read more
Apple’s cheaper Vision Pro headset may have been scrapped, report claims
Apple Vision Pro being worn by a person while using a keyboard.

Apple’s Vision Pro headset is still months away from launching, but one well-known analyst has already painted a bleak picture for the device. According to the assessment, Apple might have canceled a low-cost version of the Vision Pro, leaving potential customers in the lurch.

The news was published in a report from Apple analyst Ming-Chi Kuo, who is thought to have well-placed sources in Apple’s supply chain. Previous leaks have suggested that Apple is working on a cheaper edition of the Vision Pro -- due to launch in 2025 -- to help users who can’t afford the base model’s $3,499 price tag, but Kuo thinks those plans might have been scrapped entirely.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more