
Black Hat 2025: Siri and Apple AI Found Sending Private Data Despite Privacy Settings
At the Black Hat 2025 conference, Lumia Security presented findings indicating that Siri and Apple Intelligence are sending private user data to Apple's servers, even when privacy settings are turned off. The data includes dictated WhatsApp messages, location information, app lists, and listening habits.

This revelation has significant implications for user privacy and data security. The potential real-world consequences of this data collection include relationship issues, targeted scams, professional risks, and legal troubles. Apple has responded by stating that this is not a privacy issue due to the technical specifics of SiriKit. However, the fact that data is being sent without explicit user consent when privacy settings are turned off could be seen as a violation of user privacy.

For cybersecurity professionals, this highlights the importance of understanding how AI-driven features handle user data and the potential risks involved. It also underscores the need for organizations to review their policies on using such AI assistants, especially when handling sensitive data. In comparison to other AI assistants, this issue appears to be unique to Apple's implementation, which could warrant further investigation and potential mitigation strategies.