Siri shortcuts, which is claimed to be Apple’s most powerful feature in any iOS device, can potentially hack your data, spread malware and even trick non-tech users into paying ransom demands as well.
In iOS 12, Apple introduced the use of shortcuts for apps with the help of its voice assistant Siri, which lets users navigate within apps easily and perform the most common tasks in your phone automatically. While it all was cool, IBM saw a huge threat with the integration of the similar feature by third-party developers in their software.
All the iPhone or iPad users can create Siri Shortcuts themselves or download the official Shortcuts app from the App Store to try thousands of other user-made shortcuts but along with that the developers of 3rd party apps were also too quick to incorporate the feature of shortcuts and users can now also operate their favorite apps all with the help of Siri. This feature can be used for a wide range of tasks that includes things like moving a file or opening apps, to even locking up your screen or uploading your favorite things online.
But John Kuhn, a senior threat researcher at IBM X-Force, has found out that by using shortcuts, a hacker can easily use Siri’s voice for ransom campaigns that would scare users into believing that their personal data has been stolen from the phone and then eventually make its own demand.
Also Read: A new vulnerability affects the operations of 3G, 4G and 5G network protocolsThis all might not be a big problem for technical users who have comprehensive knowledge of cyber-security issues, but ordinary people can be easily trapped as they can’t differentiate an empty threat from a valid one, especially at a time when your own Siri starts blackmailing you.
Elaborating further, Kuhn told that a malicious Siri Shortcut script can also be sent automatically to the entire contacts list of the victim via messages. It will appear as a link on the recipient's phone asking them to install the script.
While this all is very alarming, Kuhn and the IBM X-Force team wants users to be extra careful with such scripts just like the way they deal with normal iOS apps and browser extensions. Moreover, they should only use Siri Shortcuts for trusted apps and before installing any new one, they should always look into all the permissions a shortcut is asking for, after all keeping phone and data safe should be the top priority.
"A sharp reminder to validate anything you install on your mobile device as Shortcuts allows you to see everything the script is capable of before installing.", Kuhn suggested.Read Next: Save yourself from potential data breaches with these tips
Featured Photo: GettyImages