Guilherme Rambo, an independent developer and contributor to 9to5Mac, was the one who uncovered the flaw and subsequently informed Apple of it. Rambo is the creator of the app AirBuddy, which streamlines the process of pairing Bluetooth devices like AirPods, Beats, and other headphones and speakers with a Mac. As a result of this, he devotes a significant amount of his time to working with AirPods and understanding how they function behind the scenes. The following is a summary of the issue that Rambo discovered. He reported to Apple, and that Apple resolved with the release of iOS 16.1: After discovering the issue, Rambo created an app to identify Apple’s affected operating systems. The following are some of the things that the app did:
Requests Bluetooth authorization. Locates a Bluetooth LE device that is connected and has the DoAP service. To receive notifications when streaming begins and ends and when new audio data is received, subscribe to its characteristics. When streaming begins, a new.wav file is created. Next, a decoder reads the Opus packets from the AirPods and uploads the uncompressed audio to the file. After the streaming is over, the.wav file is closed. A local push message is sent to show that the app was successful in capturing the user in the background.
When using iOS, it was still necessary for the user to grant permission to the application to enable Bluetooth communication. But, as Rambo explains, “most users would not expect that giving an app access to Bluetooth could also give it access to their conversations with Siri and audio from dictation.” However, this was not the case on macOS: Rambo’s entire approach about SiriSpy is documented on his blog. On August 26, he reported the fault to Apple, received a response on August 29. The software upgrades to resolve the problem were issued on October 24. Read Also: Apple Confirms iPhone 15 is Getting USB-C Port