January 8, 2025

SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it

0

<img src="” title=”SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it” /> 

Apple recently released iOS 16.1 earlier this week. The update fixed several vulnerabilities in iPhones one of which could lead an app to run a piece of maliciously crafted code with kernel privileges — a bug that Apple says could have been actively exploited by hackers. In addition to this, the iOS 16.1 update also fixed a vulnerability dubbed as ‘SpySiri’. This vulnerability can allow a malicious app to hear all of a user’s conversations with Siri.

The bug was discovered by 9to5Mac contributor and developer Guilherme Rambo, who discovered it while working on his AirBuddy. During his analysis Rambo discovered that a malicious app could use Bluetooth connectivity to listen to and record all of a user’s conversations with Apple’s voice assistant Siri via connected Apple AirPods or Beats headphones.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone,” he wrote in a blog post explaining the vulnerability.

Furthermore, the developer said that in a real-world scenario, an app that already has Bluetooth permission for some other reason could be record all of a user’s conversations with Siri “without any indication to the user that it’s going on, because there’s no request to access the microphone, and the indication in Control Center only lists “Siri & Dictation”.”

What’s worrisome is this bug also affects macOS. “So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation,” the developer added.

Thankfully, Apple has already released an update to fix this issue. All you need to do is download and install iOS 16.1 on your iPhone.

How to download and install iOS 16.1 on your iPhone

Step 1: Go to the Settings app.

Step 2: Go to General settings and the go to Software Update section.

Step 3: If you see that a software update is available for you, click on the download and install option to complete the process.

The post SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it appeared first on BGR India.

 

SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it

<img src="" title="SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it" /> 

Apple recently released iOS 16.1 earlier this week. The update fixed several vulnerabilities in iPhones one of which could lead an app to run a piece of maliciously crafted code with kernel privileges — a bug that Apple says could have been actively exploited by hackers. In addition to this, the iOS 16.1 update also fixed a vulnerability dubbed as ‘SpySiri’. This vulnerability can allow a malicious app to hear all of a user’s conversations with Siri.

The bug was discovered by 9to5Mac contributor and developer Guilherme Rambo, who discovered it while working on his AirBuddy. During his analysis Rambo discovered that a malicious app could use Bluetooth connectivity to listen to and record all of a user’s conversations with Apple’s voice assistant Siri via connected Apple AirPods or Beats headphones.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone,” he wrote in a blog post explaining the vulnerability.

Furthermore, the developer said that in a real-world scenario, an app that already has Bluetooth permission for some other reason could be record all of a user’s conversations with Siri “without any indication to the user that it’s going on, because there’s no request to access the microphone, and the indication in Control Center only lists “Siri & Dictation”.”

What’s worrisome is this bug also affects macOS. “So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation,” the developer added.

Thankfully, Apple has already released an update to fix this issue. All you need to do is download and install iOS 16.1 on your iPhone.

How to download and install iOS 16.1 on your iPhone

Step 1: Go to the Settings app.

Step 2: Go to General settings and the go to Software Update section.

Step 3: If you see that a software update is available for you, click on the download and install option to complete the process.

The post SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it appeared first on BGR India.

 

<img src="” title=”SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it” /> 

Apple recently released iOS 16.1 earlier this week. The update fixed several vulnerabilities in iPhones one of which could lead an app to run a piece of maliciously crafted code with kernel privileges — a bug that Apple says could have been actively exploited by hackers. In addition to this, the iOS 16.1 update also fixed a vulnerability dubbed as ‘SpySiri’. This vulnerability can allow a malicious app to hear all of a user’s conversations with Siri.

The bug was discovered by 9to5Mac contributor and developer Guilherme Rambo, who discovered it while working on his AirBuddy. During his analysis Rambo discovered that a malicious app could use Bluetooth connectivity to listen to and record all of a user’s conversations with Apple’s voice assistant Siri via connected Apple AirPods or Beats headphones.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone,” he wrote in a blog post explaining the vulnerability.

Furthermore, the developer said that in a real-world scenario, an app that already has Bluetooth permission for some other reason could be record all of a user’s conversations with Siri “without any indication to the user that it’s going on, because there’s no request to access the microphone, and the indication in Control Center only lists “Siri & Dictation”.”

What’s worrisome is this bug also affects macOS. “So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation,” the developer added.

Thankfully, Apple has already released an update to fix this issue. All you need to do is download and install iOS 16.1 on your iPhone.

How to download and install iOS 16.1 on your iPhone

Step 1: Go to the Settings app.

Step 2: Go to General settings and the go to Software Update section.

Step 3: If you see that a software update is available for you, click on the download and install option to complete the process.

The post SpySiri iOS bug can allow malicious apps to hear your conversations with Siri: How to fix it appeared first on BGR India.