Siri saves in certain circumstances encrypted emails in plain text> Macerkopf


| 3:33 pm | 0 comments

As The Verge reports, a flaw has crept into Apple's macOS Mail app. The problem is caused by Siri, as the voice assistant may store content from encrypted mail in an unencrypted plain text database. Meanwhile, Apple offers an option that can disable the Siri indexing of emails.

Siri "remembers" selected emails

IT security expert Bob Gendler examined how Siri works on the Mac, finding several databases that Siri uses as the basis for suggestions. For example, there is a file that contains email signatures of people you are in contact with via the mail app. While this type of data collection is still one of Siri's tasks, the snippets.db file becomes problematic. For example, this database contains unencrypted e-mail content which, in Gendler's case, was encrypted using the S / MIME standard.

As Gendler explains, the problem is at least since macOS 10.12 and exist in the current version macOS Catalina 10.15. He already drew Apple's attention to the problem in July. So far, there is only one option that can disable the scanning of emails.

Disabling Siri Indexing

Compared to The Verge Apple said that they will take care of the criticized behavior in a future software update. It also states that only parts of some e-mails are stored. Of course, the behavior has no effect on the general encryption via FileVault.

Concerned users can choose in the system settings, under the category "Siri", the option "Siri suggestions & privacy". Here you can select the apps that Siri's suggestions are based on. If you deactivate it in the "Mail" list, Siri will not save any e-mail information.

Source link



Please enter your comment!
Please enter your name here