SiriSpy – An iOS Issue Allowing Apps To Listen To Your Siri Conversations

Date: 2022-10-27

An iOS Bug That Allows Apps To Listen To Your Interactions With Siri - Fixed

This week, Apple made iOS 16.1 and macOS Ventura available to the general public. In addition to the most notable new features and modifications, this update also includes vital security-related bug fixes. One of the most noteworthy is the fix for SiriSpy, a flaw that allowed applications to listen in on your interactions with Siri.

Guilherme Rambo, an independent developer and contributor to 9to5Mac, was the one who uncovered the flaw and subsequently informed Apple of it. Rambo is the creator of the app AirBuddy, which streamlines the process of pairing Bluetooth devices like AirPods, Beats, and other headphones and speakers with a Mac. As a result of this, he devotes a significant amount of his time to working with AirPods and understanding how they function behind the scenes.

The following is a summary of the issue that Rambo discovered and reported to Apple, and that Apple resolved with the release of iOS 16.1:

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.

After discovering the issue, Rambo created an app to identify Apple’s affected operating systems. The following are some of the things that the app did:

Requests Bluetooth authorization.

Locates a Bluetooth LE device that is connected and has the DoAP service.

Subscribes to its characteristics to receive notifications when streaming begins and ends and when new audio data is received.

When streaming begins, a new .wav file is created. Next, a decoder reads the Opus packets from the AirPods and writes the uncompressed audio to the file.

After the streaming is over, the .wav file is closed. A local push message is sent to show that the app was successful in capturing the user in the background.

On iOS, the user still had to grant the application permission to use Bluetooth. But, as Rambo explains, “most users would not expect that giving an app access to Bluetooth could also give it access to their conversations with Siri and audio from dictation.”

However, this was not the case on macOS:

So at least on macOS, apps would be able to record your conversations with Siri or dictation audio without any permission prompts at all. Even worse, this particular exploit would also allow the app to request DoAP audio on-demand, bypassing the need to wait for the user to talk to Siri or use dictation.

Rambo’s full write-up on SiriSpy is documented on his blog. He reported the fault to Apple on August 26 and received a response on August 29. The software updates that resolve the problem were issued on October 24.
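A defender-side triage of the iOS case described above, as an added example that is not from the article or from Rambo's write-up: it reads app Info.plist data and flags apps that declare Bluetooth usage on a device older than iOS 16.1, ranking those with no microphone declaration first. The triage labels and sample apps are constructed, and a declared usage string only shows that an app can ask for Bluetooth, not that the user granted it.

```python
import plistlib

# Real Info.plist keys; the labels returned below are constructed for this example.
BT_KEYS = ("NSBluetoothAlwaysUsageDescription", "NSBluetoothPeripheralUsageDescription")
MIC_KEY = "NSMicrophoneUsageDescription"
FIXED_IN = (16, 1)  # iOS release that resolved the issue, per the article


def is_patched(ios_version: str) -> bool:
    """True if the device runs iOS 16.1 or later ("16" is treated as 16.0)."""
    return tuple(int(p) for p in ios_version.split(".")) >= FIXED_IN


def triage(plist_bytes: bytes, ios_version: str) -> str:
    """Classify one app from its Info.plist and the device's iOS version."""
    info = plistlib.loads(plist_bytes)
    if not any(k in info for k in BT_KEYS):
        return "no-bluetooth"      # app cannot request Bluetooth access at all
    if is_patched(ios_version):
        return "patched"           # Bluetooth access no longer implies audio access
    # Unpatched device: Bluetooth access was enough to reach Siri/dictation audio.
    background = "bluetooth-central" in info.get("UIBackgroundModes", [])
    if MIC_KEY not in info and background:
        return "review-first"      # no stated need for audio, can run in background
    return "review"


def audit(apps: dict, ios_version: str) -> dict:
    """Map app name -> triage label for a device inventory."""
    return {name: triage(data, ios_version) for name, data in apps.items()}


# Constructed sample inventory (not real apps), serialized as Info.plist bytes.
SAMPLE_APPS = {
    "tag-finder": plistlib.dumps({
        "NSBluetoothAlwaysUsageDescription": "Find your tags",
        "UIBackgroundModes": ["bluetooth-central"],
    }),
    "voice-notes": plistlib.dumps({
        "NSBluetoothAlwaysUsageDescription": "Use your headset",
        "NSMicrophoneUsageDescription": "Record notes",
    }),
    "calculator": plistlib.dumps({"CFBundleName": "Calculator"}),
}

if __name__ == "__main__":
    for name, label in audit(SAMPLE_APPS, "16.0.3").items():
        print(f"{name}: {label}")
```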

