• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
RestorePrivacy

RestorePrivacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Skiff Mail Review
    • Runbox Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • NordVPN vs Surfshark
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Skiff Mail Review
    • Runbox Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • NordVPN vs Surfshark
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

iOS Apps with Bluetooth Access Could Listen to Siri Conversations

October 27, 2022 By Heinrich Long — 4 Comments
iOS Apps with Bluetooth Access Could Listen to Siri Conversations

Security researcher Guilherme Rambo has discovered a flaw in Apple’s Bluetooth security, allowing any iOS app with Bluetooth access to eavesdrop on the user’s conversations with Siri.

To make matters worse, the breach wouldn’t be evident to the user as the app wouldn’t need to request microphone access to perform the eavesdropping, nor would it leave any apparent traces of malicious activity behind.

The only prerequisite for this attack was for the target to use AirPods or Beats headsets, which are pretty common for iPhone users.

The privacy repercussions arising from this problem depend on what conversations people have with Siri and how exposing they are to their identity, location, personal preferences, habits, etc.

Listening to AirPods

AirPods 2nd gen and later can invoke Siri with a simple voice command, effectively starting a special DoAP service used for Siri and Dictation support.

The researcher deployed a Bluetooth sniffer that can connect to BLE devices and query their GATT database, to capture data exchanges from the AirPods to the iPhone and vice versa.

The tool logged a stream of bytes when the Siri DoAP service was activated, which is when the user invokes the assistant with “Hey Siri”.

The stream of data from the DoAP audio was encoded with the Opus codec to make transmissions suitable for BLE, so to hear user conversations, Rambo just needed to reverse the encoding and get clear audio.

Finally, the researcher created an app requesting iOS for Bluetooth permission, connecting to the AirPods and keeping the connection open to capture notifications and audio data.

When the streaming starts, the app records the audio in WAV form and feeds it to an Opus decoder, storing all conversations in audio snippets.

If an attacker wanted, they could exfiltrate those snippets to a remote system and wipe them locally, leaving no trace of the covert eavesdropping activity.

“In a real-world exploit scenario, an app that already has Bluetooth permission for some other reason could be doing this without any indication to the user that it’s going on because there’s no request to access the microphone, and the indication in Control Center only lists “Siri & Dictation”, not the app that was bypassing the microphone permission by talking directly to the AirPods over Bluetooth LE.”

Guilherme Rambo – rambo.codes

Fix and Mitigation

The issue was reported to Apple on August 26, 2022, and the consumer tech giant addressed it on October 24, 2022, with the release of iOS 16.1, assigning it the identifier CVE-2022-32946.

Apple restricted direct access to the AirPods DoAP service over BLE GATT, adding all third-party apps to a deny list.

Rambo tested the issue on iOS version 15 too, and the DoAP service was susceptible to external eavesdropping, so it’s likely that anything prior to 16.1 is vulnerable.

Possibly, this flaw has remained open to exploitation for years, but due to its stealthy nature, even if it was leveraged in the wild, it was never discovered and reported.

iPhones and iPads running on an earlier version are vulnerable to this flaw, so their users are advised to either move to a newer and actively supported model or stop using AirPods with their devices.

About Heinrich Long

Heinrich is an associate editor for RestorePrivacy and veteran expert in the digital privacy field. He was born in a small town in the Midwest (USA) before setting sail for offshore destinations. Although he long chafed at the global loss of online privacy, after Edward Snowden’s revelations in 2013, Heinrich realized it was time to join the good fight for digital privacy rights. Heinrich enjoys traveling the world, while also keeping his location and digital tracks covered.

Reader Interactions

Comments

  1. Bronco

    October 29, 2022

    Interesting…
    https://www.privateinternetaccess.com/blog/eucj-vpn/

    Reply
  2. Bronco

    October 29, 2022

    I never used Siri, and I wouldn’t use anything similar whatsoever. You always know that these types of services are designed to grab your private data, so anybody privacy conscious should avoid Siri anyway. But there is no doubt in my mind that smartphones are not good for privacy, not to mention anonymity.

    Reply
  3. BoBeX

    October 28, 2022

    Great Article!
    These researchers are so clever. I hope Apple gave them a reward.
    It sounds like Apple acted quickly on this, well done to them.

    P.S. A question please?

    Australia has had several serious cyber attacks in the last couple of months. And against of our largest organisations.

    1) Concerning the Medibank Private breach, has RP any insight into what data has been dumped on the dark web (I am hearing a partial dump) or what the attackers are saying (I have heard nothing of this)? (The suggestion is that the Optus hacker was a kid or an amateur. Nobody seems to be suggesting this with this Medibank breach.)

    2) Why is medical data so valuable to cyber criminals? I have been trying to find out and I have heard a range of suggestions. 1) Blackmail / extortion towards public persons; 2) Acquiring false drug prescriptions; 3) That medical information can be used as proof of identity (for financial theft).
    It is not hard to imagine what a cyber criminal may do with stolen credit cards, but it is hard to imagine how medical information is monetised, yet I hear stolen medical data sells for more that stolen credit card data. What’s up with this?

    Reply
    • Anon

      October 28, 2022

      “Healthcare data is valuable on the black market because it often contains all of an individual’s personally identifiable information, as opposed to a single piece of information that may be found in a financial breach. Often these attacks see hundreds of thousands of patient’s data and privacy compromised or stolen by those with malicious intent. According to a Trustwave report, a healthcare data record may be valued at up to $250 per record on the black market, compared to $5.40 for the next highest value record (a payment card). Because of the desirability of the data and the lure of monetary gain, it is important that this security threat is not underestimated by healthcare industry IT professionals and that steps are taken to safeguard this data. Most of these breaches can be attributed to criminal insiders and hackers gaining access through third-party vendors.”
      from here
      https://www.securelink.com/blog/healthcare-data-new-prize-hackers/

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browser
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN [63% Off Coupon] or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

RestorePrivacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

RestorePrivacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP