Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

iOS Bug Lets Apps Record Siri Conversations

For anyone who thought their conversations with Siri were sacred and keyboard dictation recordings were secure, a new analysis found a flaw in the iOS Bluetooth that could allow someone to grab audio from both. 

The find is from researcher Guilherme Rambo, who published details of an Apple iOS flaw he calls “SiriSpy,” tracked under CVE-2022-32946. It would let a malicious app that a user has been convinced to install eavesdrop on audio interactions with iPhones.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets,” Rambo wrote. “This would happen without the app requesting microphone access permission, and without the app leaving any trace that it was listening to the microphone.” 

Rambo explained he regularly does cybersecurity research on AirPods, leading him to the find. 

After alerting Apple to the vulnerability in late August, Rambo said on Oct. 24 that iOS 16.1, along with all of the other remaining Apple operating systems, were updated with a fix. Making the find even sweeter, Rambo added he’s been told by Apple he will receive a $7,000 bug bounty for his efforts. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.


Related News

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were…
CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…