>I think they burried the lede here. Conversations with Siri are probably pretty generic but being able to evesdrop on keyboard dictation is pretty severe. I know people that use dictation for the majority of their text messages and email.
I agree with your take!!
If you scroll to the "Full TCC Bypass on macOS" portion, you can see that this bug allows folks to turn on an Airpod and direct that audio to a macOS device. This could enable what is known as a Tempest Attack[0,1]
>BTLEServerAgent did not have any entitlement checks or TCC prompts in place for its com.apple.BTLEAudioController.xpc service, so any process on the system could connect to it, send requests, and receive audio frames from AirPods. This exploit would only work on macOS, because the more restricted sandbox of iOS prevents apps from accessing most global mach services directly.
Stuff like that are why I hate Bluetooth in general, and I'm on the fence if either my laptop OR phone will be Apple products when I replace them.
(They seem to cater to people who replace their devices every year and camp out outside the Apple store for new Apple stuff like nerds rather than the folks who didn't want to spend every weekend messing with kernel drivers and thus adopted what I will continue to refer to as "shiny BSD" even though they long since changed the name from OSX to macOS.)
I agree with your take!!
If you scroll to the "Full TCC Bypass on macOS" portion, you can see that this bug allows folks to turn on an Airpod and direct that audio to a macOS device. This could enable what is known as a Tempest Attack[0,1]
>BTLEServerAgent did not have any entitlement checks or TCC prompts in place for its com.apple.BTLEAudioController.xpc service, so any process on the system could connect to it, send requests, and receive audio frames from AirPods. This exploit would only work on macOS, because the more restricted sandbox of iOS prevents apps from accessing most global mach services directly.
Stuff like that are why I hate Bluetooth in general, and I'm on the fence if either my laptop OR phone will be Apple products when I replace them.
(They seem to cater to people who replace their devices every year and camp out outside the Apple store for new Apple stuff like nerds rather than the folks who didn't want to spend every weekend messing with kernel drivers and thus adopted what I will continue to refer to as "shiny BSD" even though they long since changed the name from OSX to macOS.)
-- [0] https://en.wikipedia.org/wiki/Tempest_(codename)#Public_rese... [1] http://m6rqq6kocsyugo2laitup5nn32bwm3lh677chuodjfmggczoafzw[...