Your Siri conversations may have been recorded without your permission

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

The flaw was associated with Mac, iPhone, and iPad products and left users' audio accessories open to being hacked when using audio-related apps, due to the “app needing microphone access or showing that it was using the microphone,” Apple Insider said.

According to Rambo, he realized something was off when he experienced dips in audio quality while using Siri with AirPods on, but not when using the microphone in his macOS device. However, the change in audio quality returned when he was in a video conference.

He tested his suspicions by writing a command-line tool called “bleutil” and discovered that the tool intercepted audio data for Bluetooth Low Energy devices connected to macOS products and also didn’t ask for microphone permission to access the system.

To further test the flaw, he created an app that could record users through Siri without requesting permission. The feature wouldn’t even register in the macOS Control Center; the only thing that would come up was “Siri & Dictation,” Apple Insider said.

The app was compatible with iPhone, iPad, Apple Watch, and Apple TV for iOS 15 and the latest iOS 16 beta at that time in late August.

The developer reported the flaw to Apple on August 26, which allowed the brand to investigate its source and find a fix. The fix was rolled out in the iOS 16.1 update for iPhones and the latest macOS Ventura update for computers. However, it remains unknown whether any bad actors got access to the flaw while it was still open.

Rambo got a $7,000 bounty from Apple for his efforts.

This isn’t Apple’s first run-in with Bluetooth issues on its devices. In March, the brand released its macOS Monterey 12.3.1 update to address Bluetooth and display issues that had been plaguing Mac owners for several weeks. In particular, the update was sent to fix a power management flaw with Bluetooth headphones.

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…