Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.

Apple’s Siri contractors will no longer hear you having sex, making drug deals

Apple has decided to suspend what it calls Siri “grading” globally, while it conducts a “thorough review.”

Hey Siri! Read me this locked iPhone’s hidden messages…

Messages sent to your iPhone may not be as private as you think.

Read more in my article on the We Live Security blog.

How hackers could send secret commands to speech recognition systems with ultrasound

Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa or Google Home using ultrasound.

Read more in my article on the Tripwire State of Security blog.

Once again, Siri helps attackers bypass your iPhone’s passcode

It would be nice to think that as we’re now up to iOS 10 that Apple would have prevented such bypasses from working once and for all. But no such luck – for users who have left Siri enabled from the lockscreen at least.

Read more in my article on the Hot for Security blog.

Apple fixes iPhone passcode bypass flaw server-side, without having to push out an update

Apple was able to fix a privacy flaw without having to push any new software out to the millions of iPhones potentially at risk.

Read more in my article on the Tripwire State of Security blog.

Is it REALLY this simple to bypass the iPhone and iPad lockscreen?

Researchers claim multiple iOS 9 vulnerabilities allow attackers to bypass Apple device’s built-in passcode security – but some are skeptical.

David Bisson reports.

Ingenious attack shows how Siri could be hijacked silently from 16 feet away, but don’t lose any sleep

If no words are spoken, how could hackers send Siri a command?

French researchers have uncovered an ingenious – albeit somewhat impractical – way to hijack control of someone else’s iPhone.

Read more in my article on the Intego blog.

Even with the latest iOS 9.0.1 update, your iPhone’s lockscreen is unsafe

Before you know it, anyone with physical access to your ‘locked’ device could be accessing your personal photographs and contacts.

Hey Siri, how come strangers are listening to my private messages?

If you want to keep something private, keep your mouth shut.

Read more in my article on the Tripwire State of Security blog.

The latest iPhone lock screen bypass, and how to stop it

iOS 7 has brought some cool new features to Apple’s mobile operating system, but it has also introduced its fair share of embarrassing and unwelcome security holes.

Read about the latest Siri-powered iPhone lock screen bypass bug (and how to stop it) in my article on the Intego Mac Security blog.

Yet another iPhone lockscreen vulnerability. This time in iOS 7.02 [VIDEO]

Another day, another privacy vulnerability found in iOS.

When will Apple learn that a lockscreen should really, properly, lock the phone?

Never mind the lockscreen flaws, Siri rickrolls iOS 7 users

What happens on iOS 7 if you ask Siri, “What is today going to be like?”

Has Siri left your iPhone 4S unlocked?

Apple’s new “Siri” feature, the voice-activated personal assistant built into the iPhone 4S, leaves owners’ spanking new smartphones partially unguarded.