Apple to fix Siri bug that exposed parts of encrypted emails

Apple may care about your privacy but that doesn’t mean it gets it right all the time, especially when it comes to training its Siri AI assistant. Last week, a researcher went public with a glaring security hole in the way that Siri gets to know you.

Apple IT specialist Bob Gendler was tinkering around in the macOS operating system to understand more about how Apple personalizes Siri for each user. During the process, he found that the operating system was storing portions of user emails in plaintext, even when they were supposed to be encrypted.

According to Gendler’s Medium post revealing the issue, Apple uses a system process called suggestd. Apple explains (as part of a help file system in the underlying BSD OS) that the program, which runs constantly, slurps content from various apps. These include Spotlight (the macOS indexing system), Mail, and Messages. It uses them to learn how you work and what you’re interested in, using it for things like news personalization.

When it read this information, it stores it in the snippets.db file inside the macOS Suggestions folder. Even emails encrypted with Secure/Multipurpose Internet Mail Extension (S/MIME), a technology that uses public and private keys to digitally sign and protect emails, didn’t escape. Suggestd stored the plaintext versions with no encryption at all in the database.

An attacker would need full disk access to your system files to look at this information, because macOS protects it with its System Integrity Protection feature, an OS X El Capitan-era security measure that ring fences important system files. However, we know from recent problems that some people have needed to turn this off, and Gendler says that any program with full disk access in macOS could potentially harvest the data. Because Apple’s Finder (the equivalent of Windows File Explorer) has full access, a rogue AppleScript program could do it.

What to do?

How do you stop macOS from storing your secret emails in plaintext? Simply turning off Siri won’t do it, because suggestd is still working behind the scenes. Instead, you can do it manually by entering a command in your terminal window (you don’t need to have root access to do it):

defaults write SiriCanLearnFromAppBlacklist -array

If you want to quickly stop Siri learning from all of your apps, open System Preferences, and then Siri. Click About Siri & Privacy, and then deselect all your apps in turn.

These solutions only work on a per-user basis, but Gendler also provides a longer script that you can run to turn off Siri-based Apple Mail snooping for all users on the system.

If an attacker could get malware on a victim’s Mac with full disk access, there is a chance they could read sensitive material from the snippets.db file, but the stars would have to align. It’s serious, but perhaps not as serious and visible a privacy issue as Apple’s revelation earlier this year that it was letting contractors listen to Siri recordings. It revised its policy on that quickly enough, but Gendler complains that it dragged its heels for 100 days after he reported this new issue, omitting a fix from several security updates across more than one OS version. He said:

For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me. It brings up the question of what else is tracked and potentially improperly stored without you realizing it.

Eventually, Apple sent him the instructions for turning off Siri-based app learning via system preferences that we’ve just given you.

Apple said it’s aware of the issue and says it will address it in a future software update.