Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri.
Apple said "An app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.
"Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo said in a write-up.
The vulnerability, according to Rambo, relates to a service called DoAP that's included in AirPods for Siri and Dictation support. Because of it, a malicious actor could craft an app that connects to the AirPods via Bluetooth and records the audio in the background.
While the attack requires that the app has access to Bluetooth, this restriction can be trivially bypassed, as users granting Bluetooth access to the app are unlikely to expect that it could also open the door to accessing their conversations with Siri and audio from dictation.
On macOS, the exploit could be abused to achieve a total bypass of the Transparency, Consent and Control security framework, meaning any app can record conversations with Siri without requesting any permissions in the first place.
News URL
https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html