A bug in iOS 16 allowed apps to secretly listen to your conversations

---

Apple quietly fixed a dangerous bug that allowed any app that accessed Bluetooth to listen to your conversations. By quietly releasing iOS 16.1 earlier this week.

Don’t wait any longer to update your iPhone to iOS 16.1 if you haven’t already. Since Apple has fixed a number of security flaws, including a fairly significant one, in addition to the new features included in this new version. Thanks to Siri’s voice dictation and AirPods, a dangerous bug allowed any application that could access the device’s Bluetooth connection. To listen to and record your conversations.

Guilherme Rambo, the creator of AirBuddy, a macOS app that makes it simple to connect Bluetooth devices. Like AirPods and Beats headphones, to Macs, found this bug. Which has since been renamed SiriSpy. And he discovered something strange by taking a closer look at the AirPods.

He then understood that all apps with access to the Bluetooth connection could record sound. While using AirPods and Siri’s voice dictation feature, which is available into the iOS keyboard. Even worse, he found that the impacted apps could listen to (and record) the sounds picked up by the microphone. Without even requesting permission to do so. Most importantly, they made no record of this activity.

Due to an iOS 16 bug, apps could listen to your Siri conversations

The developer wrote a small application to perform a number of tests. In order to determine whether the issue he had identified was present on other Apple operating systems. And that helped him to comprehend the operation of this anomaly.

Therefore, the user still had to grant apps access to the iPhone’s Bluetooth in order for the bug to function. He thinks that applications shouldn’t be able to access recorded sounds through Siri’s voice dictation feature. That is available on the iOS keyboard, though.

On the other hand, the developer found that no access permission request took place on macOS. Siri voice dictation could be in use by any app to record conversations. However, the worst was yet to come because the bug might have enabled programs to listen in on audio being captured by the microphone even when the user was not speaking to Siri or using voice dictation.

Guilherme Rambo went into detail in a long blog post about all the work he did to find this breach. We learn that at the end of August, he found this bug and immediately reported it to Apple. Apple has incorporated the required patches on all impacted OSs after conducting its investigation using the developer’s elements. He received a 7,000 dollar bonus from the Californian company for his discovery.