Skip to main content

‘SiriSpy’ iOS bug allowed apps to eavesdrop on your Siri conversations before fix

Avatar for Chance Miller  | Oct 26 2022 - 10:15 am PT
2 Comments

Apple released iOS 16.1 and macOS Ventura to the public this week. In addition to headlining new features and changes, there are also essential security fixes as well. One of the most notable fixes is for a bug that allowed applications to eavesdrop on your conversations with Siri. Here are the full details…

The bug was discovered by 9to5Mac contributor and indie developer Guilherme Rambo, who reported the bug to Apple. Rambo develops the AirBuddy app that makes it easier to connect your AirPods, Beats, and other Bluetooth accessories to your Mac. As such, he spends a lot of time working with AirPods and investigating how they work under the hood.

Here’s the TL;DR on the bug that Rambo found and reported to Apple, and Apple fixed with iOS 16.1:

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.

Once he discovered this bug, Rambo created an app that allowed him to test which of Apple’s platforms were affected. The app did the following things:

  • Asks for Bluetooth permission.
  • Finds a connected Bluetooth LE device that has the DoAP service.
  • Subscribes to its characteristics to be notified of when streaming starts and stops, and when audio data comes in.
  • When streaming starts, creates a new .wav file, then feeds the Opus packets coming from the AirPods into a decoder, which then writes the uncompressed audio to the file.
  • Once streaming stops, it closes the .wav file, then sends a local push notification to demonstrate that the app has successfully recorded the user in the background.

On iOS, this still required that the user give access to the app for Bluetooth connectivity, but as Rambo points out, “most users would not expect that giving an app access to Bluetooth could also give it access to their conversations with Siri and audio from dictation.”

On macOS, however, this wasn’t the case:

So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation.

You can read the full rundown of Rambo’s process on his blog. He reported the bug to Apple on August 26, received a reply on August 29, and the software updates to fix the issue were released on October 24.

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

iOS

iOS

iOS is Apple's mobile operating system that runs…

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing