SiriSpy – An Unwanted 3-Way Conversation with Siri

Apple has sort of been having a rough year with so many vulnerabilities popping up every now and then. In fact, the combined number of flaws has risen to reach 9 in total. Unfortunately, it didn’t stop there as a new bug surfaced that could allow Bluetooth-enabled apps to eavesdrop on conversations with Siri.

Siri makes everything convenient, especially with a user’s search functionality. However, the newly discovered bug can take privacy invasion to a whole new level.

The bug goes by the name SiriSpy and its identifier is CVE-2022-32946. What do we know about it? How can cybercriminals exploit this new Apple flaw? Make sure to give this article a quick read to find out more.

It’s Siri – Your Virtual Spy Assistant

As we mentioned, 2022 has been a year of vulnerabilities for all devices that fall under the “Apple” category. Just a couple of days ago, the company disclosed its 9th flaw that affected iOS and iPadOS users. It was pretty serious as it was actively exploited in the wild.

Now, macOS has joined the mix. In other words, the new CVE-2022-32946 bug is affecting iOS and macOS operating systems. But what does it do?

According to the company, this bug allows applications that operate with Bluetooth to access and spy on conversations initiated with Siri.

“An app may be able to record audio using a pair of connected AirPods,” adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.”

Fortunately, app developer Guilherme Rambo has shed more light on the matter with his full analysis of the vulnerability. Here’s what he included in his report:

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets.

This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.”

Alright! So basically, it all lies in the DoAP service that’s included in AirPods for Siri and Dictation support.

This enables threat actors to create any software/application with the ability to connect to the AirPods via Bluetooth and record everything related to audio in the background.

“There’s no request to access the microphone, and the indication in Control Center only lists ‘Siri & Dictation,’ not the app that was bypassing the microphone permission by talking directly to the AirPods over Bluetooth LE.”

So what is responsible for this behavior? According to Guilherme Rambo, it’s all in the lack of entitlement checks for BTLEServerAgent – the service responsible for handling DoAP audio.

Now, Apple has released an update patch that fixes this vulnerability on every affected device. Every single patch note data is available on Apple’s support page.

SpySiri: A Not-So-Private Conversation

Everyone whose device is affected should install the updates provided by Apple immediately. This flaw could definitely cause a privacy breach, which you don’t want at all.

Siri is a way to create convenience, and this flaw can disrupt that. Make sure your devices are always up to date and keep a keen eye on Apple’s announcements. You don’t know when a new vulnerability might pop up.