6
Feb
2019
By: Diana K

Fact Or Myth: Abuse Of Siri's Shortcuts For Malware Propagation And Extortion Demands

272 Views 3 Mins To Read

 

Apple added a powerful feature, Siri Shortcuts, in iOS 12. This shortcut can abuse to trick or scare users in spreading malware, data exfiltration and for paying demands of ransom. All this is possible with the intrusive and powerful Siri Shortcuts. These shortcuts are available in the current versions of the operating system.

With Siri Shortcuts, users can automate a series of operations that are easy with the voice commands of Siri. Besides creating shortcuts of Siri, iOS users can download official shortcuts application from App Store to get access to thousands of shortcuts (user-made) and iOS apps. The users can install their Siri Shortcuts.

 

Abuse Of Siri's Shortcuts For Malware Propagation And Extortion Demands

 

The shortcut supports different operations, from file moving - opening apps to complicated tasks, such as uploading content or locking screen. The threat research of IBM X-Force, John Kuhn, believes the abuse of this shortcut.

Kuhn claimed that the Siri could be used for malicious drives. Shortcuts are formed for scareware, a pseudo ransom movement to scare victims to make payment to criminals. The criminals can make them believe that they have sensitive data of remote attackers.

The experts claim that Siri Shortcuts are easy to generate to ask for ransom. Moreover, attackers can use scripts to collect data from your phone and use it for verbal coercion threat to make it autunitic and convincing.

The malicious scripts are available to web pages for ransom demands. The web pages may display sample information uploaded from the phone of the victim within a few seconds. These schemes sound silly to technical users with details of cyber-security problems. It is easy to impress non-technical users. For this reason, tech support and scareware scams are successful nowadays. For nontechnical users, it is difficult to distinguish empty threats from valid ones.

Moreover, Kuhn claims that a malicious shortcut script of Siri may send an automatic message to the entire contact list of a victim. It can spread download links to more potent malware. A team of IBM X-Force and Kuhn team impulse users to take similar precautions with scripts similar to browser extensions and iOS apps. Users must choose trusted sources to download and install Siri Shortcuts.