iOS 16.1 was released earlier this week for public release. The update comes with new features, including
Live Activitiesa
new battery icon and a customizable lock screen.
The Apple firm also took advantage of the update to release some security patches. There were quite a few vulnerabilities fixed, but one in particular caught the eye.
SiriSpy: a flaw allowing to spy on conversations with Siri
The flaw was discovered by Guilherme Rambo, the developer of the AirBuddy app that makes it easy to connect AirPods, Beats and other wireless headphones to a Mac. He named it SiriSpy, as the vulnerability allowed
“any app with Bluetooth access to record your conversations with Siri and iOS voice dictation audio when using AirPods or Beats headphones. ».
The developer adds that
“This happens without the app asking for permission to access the microphone and without it leaving any traces. ». In other words, all that was needed was a headset connected via Bluetooth (and a minimum of knowledge of data flow analysis) to access conversations with Siri and the audio of the voice dictation function.
Note that the same flaw was detected on macOS, but Apple also fixed it in time.
Source :
Rambo.codes