Apple released iOS 16.1 and macOS Ventura to the public this week. In addition to headlining new features and changes, there are also essential security fixes as well. One of the most notable fixes is for a bug that allowed applications to eavesdrop on your conversations with Siri. Here are the full details…
The bug was discovered by 9to5Mac contributor and indie developer Guilherme Rambo, who reported the bug to Apple. Rambo develops the AirBuddy app that makes it easier to connect your AirPods, Beats, and other Bluetooth accessories to your Mac. As such, he spends a lot of time working with AirPods and investigating how they work under the hood.
Here’s the TL;DR on the bug that Rambo found and reported to Apple, and Apple fixed with iOS 16.1:
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
Once he discovered this bug, Rambo created an app that allowed him to test which of Apple’s platforms were affected. The app did the following things:
- Asks for Bluetooth permission.
- Finds a connected Bluetooth LE device that has the DoAP service.
- Subscribes to its characteristics to be notified of when streaming starts and stops, and when audio data comes in.
- When streaming starts, creates a new .wav file, then feeds the Opus packets coming from the AirPods into a decoder, which then writes the uncompressed audio to the file.
- Once streaming stops, it closes the .wav file, then sends a local push notification to demonstrate that the app has successfully recorded the user in the background.
On iOS, this still required that the user give access to the app for Bluetooth connectivity, but as Rambo points out, “most users would not expect that giving an app access to Bluetooth could also give it access to their conversations with Siri and audio from dictation.”
On macOS, however, this wasn’t the case:
So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation.
You can read the full rundown of Rambo’s process on his blog. He reported the bug to Apple on August 26, received a reply on August 29, and the software updates to fix the issue were released on October 24.
FTC: We use income earning auto affiliate links. More.