SiriSpy – iOS bug allowed apps to eavesdrop on your conversations with Siri

I think they burried the lede here. Conversations with Siri are probably pretty generic but being able to evesdrop on keyboard dictation is pretty severe. I know people that use dictation for the majority of their text messages and email.

If an iOS app did not have &quot;Background App Refresh&quot; permission, could it still have exploited this vulnerability?<p>Can physical microphones be removed from Apple devices by a repair shop, while still allowing use of wired&#x2F;wireless headsets?<p>We need Purism-style hardware kill switches for microphones, cameras and radios.

&quot;iOS bug allowed apps to eavesdrop on your conversations with Siri&quot; should be &quot;iOS bug allowed apps to eavesdrop on your interactions with Siri and dictation over bluetooth&quot;

If you care about privacy, you should disable Siri and Dictation and blacklist guzzoni.apple.com.

Is there actually people using siri? It’s pretty useless here in Italy. Most conversations I guess could be something like “raise the volume” “call mom” or stuff like that.

The struck-through:<p>&gt; and then receive a reply in the form of &quot;here&#x27;s what I found on the web...<p>Really made me chuckle. As a non-Apple user who has to put up with Homepods, this rings so very true.

I&#x27;m an avid iPhone user but have never had the need or the desire to use Siri.<p>I suggest people do what I do, load a profile that disables Siri - easily created using the Apple Configurator tool (under &quot;Restrictions&quot; untick &quot;Allow Siri&quot;).<p>N.B. I&#x27;ve never looked closely under Settings on the phone itself, there may well be Siri off option there ? But I just load profiles as I find its easier for hardening.

Confused why you can’t use this to transcribe from any AirPods in your vicinity? I thought anyone could subscribe to a btle gatt attribute.

I wouldn’t have expected Opus in the AirPods. Unexpected from Apple and a quite interesting workaround around the mode switching.

Wonder if it’d also be possible to send commands to Siri, that could also have some implications.

A $7,000 bounty for eavesdropping and TCC (app permissions) vulnerabilities. Insulting.

Don&#x27;t forget that iOS and macOS silently re-enable Bluetooth on every software update. <a href="https:&#x2F;&#x2F;lapcatsoftware.com&#x2F;articles&#x2F;bluetooth.html" rel="nofollow">https:&#x2F;&#x2F;lapcatsoftware.com&#x2F;articles&#x2F;bluetooth.html</a>

$7k feels like a paltry sum for this discovery. Rambo is doing yeoman&#x27;s work.

Seems like $70,000 would have been a more fair bounty. This is a really nasty bug.

Is anyone else an avid iPhone user, yet also someone who never uses Siri? I&#x27;ve used an iPhone exclusively for the past 8 years, and I can count on one hand the number of times I&#x27;ve used Siri. Interestingly, the one person I know who loves using Siri is my 70yr old dad.

Sigh … I so much want Apple to get their shit together. To me it feels like software quality reached a new low.

I don&#x27;t want stories like this to be the reason I&#x27;m glad I switched to Graphene OS. I don&#x27;t want anyone hacked or spied on.