Apple recently released iOS 16.1 earlier this week. The update fixed several vulnerabilities in iPhones, one of which could have caused apps with kernel privileges to run a piece of maliciously crafted code — a bug that Apple says was activated by hackers. could have been exploited. In addition, the iOS 16.1 update also fixed a vulnerability called ‘SpySiri’. This vulnerability could allow a malicious app to listen in on all of a user’s conversations with Siri.
The bug was discovered by 9to5Mac contributor and developer Guilherme Rambo, who discovered it while working on his AirBuddy. During its analysis, Rambo found that a malicious app could listen in and record all user conversations via connected Apple AirPods or Beats headphones with Apple’s voice assistant Siri using Bluetooth connectivity.
“Any app with access to Bluetooth can record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This is done without the app requesting permission for microphone access and without the app. without leaving a trace that he was listening to the microphone,” he wrote in a blog post explaining the vulnerability.
Furthermore, the developer said that in a real-world scenario, an app that already has Bluetooth permission for some other reason could record all of a user’s conversations with Siri “without prompting the user.” That it is running, because there is no request to access the microphone, and the prompt in Control Center only lists “Siri & Dictation”.
Worryingly, this bug affects macOS as well. “So at least on macOS, apps will be able to record your conversations with Siri or dictation audio without permission. Worse, this particular exploit would allow the app to request DOAP audio on-demand, the user except for needing to wait to talk to Siri or use dictation,” the developer said.
Thankfully, Apple has already released an update to fix this problem. All you have to do is download and install iOS 16.1 on your iPhone.
How to Download and Install iOS 16.1 on Your iPhone
Step 1: Go to the Settings app.
Step 2: Go to General Settings and go to Software Update section.
Step 3: If you see that a software update is available for you, click on Download and Install option to complete the process.
The post SpySiri iOS bug could allow malicious apps to listen in on your conversations with Siri: How to fix it first appeared on BGR India.
