AppleStorm – Unmasking the Privacy Risks of Apple Intelligence

Apple Intelligence, Apple’s newest AI product, is designed to enhance productivity with AI while maintaining Apple’s focus on user experience and privacy, often highlighting its use of localized models as a key advantage, combined with its Private Cloud Compute models. But how well do these assurances hold up under scrutiny? While Apple emphasizes privacy as a core principle, my findings challenge some of these claims, illustrating the importance of scrutinizing AI-driven assistants before widespread adoption.

In this talk, we take a closer look at the data flows within Apple Intelligence, examining how it interacts with user data and the potential security and privacy risks that come with it. Using traffic analysis and OS inspection techniques, we explore many of the different flows within Apple Intelligence and answer: what information is accessed, how it moves through the system, and if and where it gets transmitted. We’ll explore various interactions and features of Apple Intelligence. We’ll show how some features are processed locally on the device, while others involve transmitting data to Apple’s servers. While some of these data flows are legitimate and necessary, others raise privacy concerns that Apple has acknowledged. Covering topics from encrypted traffic to potential data leaks, this presentation offers practical insights for both users and security professionals.

By:
Yoav Magid | Senior Security Researcher, Lumia Security

Presentation Materials Available at:
https://blackhat.com/us-25/briefings/schedule/?#applestorm—unmasking-the-privacy-risks-of-apple-intelligence-44712Black HatRead More