Cybersecurity Company Demos How Siri Feature Can Be Exploited To Assist Phishing Attempts
Siri on iOS 12 has received quite notable upgrades at this year’s WWDC event. While the virtual assistant might lag behind the Google Assistant in some ways, iPhone users have always look forward to it for assistance. However, according to the Cybersecurity form Wandera, Siri could potentially be exploited by scammers to assist with phishing attempts.
Cybersecurity Firm Demos How Siri Feature Can Be Exploited To Phishing
The company has demoed how the threat relies on Apple’s virtual assistant attempting to identify unknown callers where it presents you with a misleading apprehension of who they are. Siri relies on a number of approaches to look for the person when it does not recognize a caller. When this happens, Siri will present the incoming call as a ‘Maybe’ followed by the possible name of the person.
As the word suggests, ‘Maybe’ and the name next to it is something that Siri is not certain of. It acts as a clue when Siri presents the caller’s identity. However, some incautious users might rely on the information as being true, which it potentially isn’t situations if the feature has been successfully exploited. For instance, the name of the bank. Fortune reports Wandera Cybersecurity company detailing the process.
There are two ways to pull off this social engineering trick […] The first involves an attacker sending someone a spoofed email from a fake or impersonated account, like “Acme Financial.” This note must include a phone number; say, in the signature of the email. If the target responds—even with an automatic, out-of-office reply—then that contact should appear as “Maybe: Acme Financial” whenever the fraudster texts or calls next.
The subterfuge is even simpler via text messaging. If an unknown entity identifies itself as Some Proper Noun in an iMessage, then the iPhone’s suggested contacts feature should show the entity as “Maybe: [Whoever].”
While Apple blocks certain words and phrases like ‘Bank’ and ‘Credit Union’ it most certainly does not block specific names. The Cybersecurity firm stated that it had reported the issue to Apple back in April. Apple, on the other hand, does not consider it to be a potential security threat or vulnerability.
Apple did consider it to be a software issue ‘to help get it resolved,’ which might result in enhanced protection. There will be more to the story, so be sure to stay tuned in for more details. This is all for now, folks. What are your thoughts on the matter? Let us know in the comments.