Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malicious Hackers Can Abuse Siri Shortcuts: IBM
#1
Quote:The Siri Shortcuts that Apple introduced in iOS 12 can be abused by attackers for malicious purposes, IBM’s security researchers have discovered.
Siri Shortcuts, meant to provide users with faster access to applications and features, automate common tasks and can either be enabled by third-party developers in their apps or custom-designed by users who download the shortcuts app from the App Store.
Once up and running on a user’s device, the application can perform complex tasks, which presents potential security risks, John Kuhn, senior threat researcher at IBM Managed Security Services, explains in a blog post.
Siri Shortcuts can facilitate a broad range of interactions between users and their devices, either directly from the lock screen or through existing apps. What’s more, users can share these Shortcuts from the app itself via iCloud.
Developers can create Shortcuts and present them to users from within their apps, and the shortcuts can appear on the lock screen or in ‘search’, based on time, location and context.
According to IBM’s security researchers, Shortcuts could be created for malicious purposes, such as scareware, a pseudo-ransom attack in which cybercriminals scare victims into paying by leading them to believe that their data has been compromised.
“Using native shortcut functionality, a script could be created to speak the ransom demands to the device’s owner by using Siri’s voice,” Kuhn says.
An attacker could automate data collection from the device (current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more), and then have the data displayed to the user to convince them that the attacker can use the data.


Read more... SOURCE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ransomware gangs abuse Process Explorer driver to kill security software mrtrout 0 424 04-20-2023 , 07:56 PM
Last Post: mrtrout
  Compromised Credentials Show That Abuse Happens in Multiple Phases Bjyda 0 940 02-17-2021 , 09:55 PM
Last Post: Bjyda
  Mozilla shuts down Firefox Send file transfer service after malware abuse mrtrout 0 983 09-17-2020 , 11:34 PM
Last Post: mrtrout
  Update Copycat criminals abuse Malwarebytes brand guardian 0 1,275 04-18-2020 , 01:06 PM
Last Post: guardian
  New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer sidemoon 0 1,799 03-26-2020 , 01:22 AM
Last Post: sidemoon

Forum Jump:


Users browsing this thread: 1 Guest(s)