
Siri Shortcuts can be abused for extortion demands, malware propagation



Siri Shortcuts, a feature that Apple added in iOS 12, can be abused to scare or trick users into paying ransom demands, to spread malware, and to exfiltrate data, according to a proof-of-concept video published by IBM Security researchers.

This is possible because Siri Shortcuts is one of the most powerful and intrusive features present on modern versions of the iOS operating system.

Siri Shortcuts were created as a way for users to automate a sequence of operations that they can call using a Siri voice command. Besides being able to create Siri Shortcuts themselves, iOS users can also download the official Shortcuts app from the App Store to gain access to thousands of other user-made Shortcuts, and the iOS apps they install can install their own Siri Shortcuts as well.

Siri Shortcuts support a wide range of operations, from simple file moving tasks or opening apps, to more complex ones like screen locking or uploading content online.

It’s these latter features that John Kuhn, a senior threat researcher at IBM X-Force, believes are primed for abuse.

“Using Siri for malicious purposes, Shortcuts could be created for scareware, a pseudo ransom campaign to try to scare victims into paying a criminal by making them believe their data is in the hands of a remote attacker,” Kuhn said.

The expert says Siri Shortcuts that speak out ransom demands are easy to create. Further, attackers can use the scripts to first gather data from the phone, and then use that data in the spoken extortion threat to make it sound more authentic and convincing.

The malicious script can even be made to open a web page showing a ransom demand, and this web page can also display sample data uploaded from the victim’s phone seconds before.
