
Research Raises Concerns Over How Apple’s Siri and AI System Handle User Data

 



Apple’s artificial intelligence platform, Apple Intelligence, is under the spotlight after new cybersecurity research suggested it may collect and send more user data to company servers than its privacy promises appear to indicate.

The findings were presented this week at the 2025 Black Hat USA conference by Israeli cybersecurity firm Lumia Security. The research examined how Apple’s long-standing voice assistant Siri, now integrated into Apple Intelligence, processes commands, messages, and app interactions.


Sensitive Information Sent Without Clear Need

According to lead researcher Yoav Magid, Siri sometimes transmits data that seems unrelated to the user’s request. For example, when someone asks Siri a basic question such as the day’s weather, the system not only fetches weather information but also scans the device for all weather-related applications and sends that list to Apple’s servers.

The study found that Siri includes location information with every request, even when location is not required for the answer. In addition, metadata about audio content, such as the name of a song, podcast, or video currently playing, can also be sent to Apple without the user having clear visibility into these transfers.


Potential Impact on Encrypted Messaging

One of the most notable concerns came from testing Siri’s dictation feature for apps like WhatsApp. WhatsApp is widely known for offering end-to-end encryption, which is designed to ensure that only the sender and recipient can read a message. However, Magid’s research indicated that when messages are dictated through Siri, the text may be transmitted to Apple’s systems before being delivered to the intended recipient.

This process takes place outside of Apple’s heavily marketed Private Cloud Compute system, the part of Apple Intelligence meant to add stronger privacy protections. It raises questions about whether encrypted services remain fully private when accessed via Siri.


Settings and Restrictions May Not Prevent Transfers

Tests revealed that these data transmissions sometimes occur even when users disable Siri’s learning features for certain apps, or when they attempt to block Siri’s connection to Apple servers. This suggests that some data handling happens automatically, regardless of user preferences.


Different Requests, Different Privacy Paths

Magid also discovered inconsistencies in how similar questions are processed. For example, asking “What’s the weather today?” may send information through Siri’s older infrastructure, while “Ask ChatGPT what’s the weather today?” routes the request through Apple Intelligence’s Private Cloud Compute. Each route follows different privacy rules, leaving users uncertain about how their data is handled.

Apple acknowledged that it reviewed the findings earlier this year. The company later explained that the behavior stems from SiriKit, a framework that allows Siri to work with third-party apps, rather than from Apple Intelligence itself. Apple maintains that its privacy policies already cover these practices and disagrees with the view that they amount to a privacy problem.

Privacy experts say this situation illustrates the growing difficulty of understanding data handling in AI-driven services. As Magid pointed out, with AI integrated into so many modern tools, it is no longer easy for users to tell when AI is at work or exactly what is happening to their information.




Belgium Commences Mega Drug Trial After Covert Apps Cracked

 

A significant trial began in a Belgian court on Monday, involving over 120 individuals accused of offenses such as drug and arms trafficking, extortion, torture, and attempted murder. This trial is notable not only for its sheer scale but also because it will scrutinize law enforcement's audacious methods of hacking encrypted communication services to gather evidence against drug networks across Europe.

Eric Van Duyse, spokesperson for the Belgian prosecutor's office, described the proceedings as a historic trial. The case centers on the groundbreaking actions taken by law enforcement to compromise and access data from secure communication platforms, namely Sky ECC and EncroChat. These hacked datasets were crucial in bringing charges against drug networks operating throughout the European continent.

The hearings are scheduled three times per week in the newly established "Justitia" courtroom within the former NATO headquarters. This courtroom is designed to accommodate significant trials, including those related to the Brussels terror attacks. The judges overseeing the Sky ECC trial aim to deliver a verdict by next spring. The trial's outcome is anticipated to be a testament to the effectiveness of cutting-edge investigative methods, but defense attorneys are poised to challenge the legality of the police hacks, contending that the data used as evidence was obtained unlawfully.

Originally slated to commence in November, the trial faced delays due to defense attorneys seeking the disqualification of judges involved in the case. Meanwhile, prior cases relying on data from EncroChat and Sky ECC have resulted in over 6,500 arrests worldwide, highlighting the global impact of the encrypted communication platforms' compromise, as reported by Europol.

The trial holds significant implications for Europe's escalating drug issue, with Belgium emerging as a major hub for cocaine and drug trafficking. The country's busy port of Antwerp has witnessed a surge in violence related to drug gangs, including a foiled plot to kidnap the former justice minister Vincent Van Quickenborne.

The investigation into Sky ECC began with a hack in July 2020, revealing how French and Dutch authorities obtained over 100 million messages from EncroChat. Subsequently, they uncovered a similar infiltration of Sky ECC, monitoring approximately 70,000 users and initiating a massive effort to decrypt the data and launch investigations.

While these operations successfully thwarted criminal activities, questions have arisen about their legality. Defense lawyers argue that evidence from the Sky ECC proceedings was unlawfully obtained, raising concerns about privacy violations and the right to a fair trial. The unprecedented nature of these operations has prompted legal challenges, with defense practitioners seeking clarity on national and supranational rules governing such investigations.

The defense contends that law enforcement's infiltration of an encrypted communication app sets a dangerous precedent, challenging fundamental legal principles. The issue of privacy infringement has been acknowledged by some courts, such as a Dutch court, which deemed it legally justifiable due to the predominantly criminal nature of the targeted user group. Legal challenges and questions about European cooperation in handling evidence gathered across jurisdictions further complicate the trial, with broader implications for the evolving landscape of law enforcement and privacy rights in Europe.