Saturday, April 10, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Siri Shortcuts can be abused for extortion demands, malware propagation

February 1, 2019
in Internet Security
Siri Shortcuts can be abused for extortion demands, malware propagation
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Siri Shortcuts, a feature that Apple added in iOS 12, can be abused to scare or trick users into paying ransom demands, spread malware, and for data exfiltration, according to a proof-of-concept video published by IBM Security researchers.

This is possible because Siri Shortcuts is one of the most powerful and intrusive features present on modern versions of the iOS operating system.

You might also like

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

Nation-state cyber attacks targeting businesses are on the rise

Siri Shortcuts were created as a way for users to automate a sequence of operations that they can call using a Siri voice command. Besides being able to create Siri Shortcuts themselves, iOS users can also download the official Shortcuts app from the App Store to gain access to thousands of other user-made Shortcuts, and the iOS apps they install can install their own Siri Shortcuts as well.

Siri Shortcuts support a wide range of operations, from simple file moving tasks or opening apps, to more complex ones like screen locking or uploading content online.

It’s these latter features that John Kuhn, a senior threat researcher at IBM X-Force, believes are primed for abuse.

“Using Siri for malicious purposes, Shortcuts could be created for scareware, a pseudo ransom campaign to try to scare victims into paying a criminal by making them believe their data is in the hands of a remote attacker,” Kuhn said.

The expert says Siri Shortcuts that speak out ransom demands are easy to create. Further, attackers can use the scripts to first gather data from the phone, and use it in the spoken extortion threat to give it more authenticity and sound more convincing.

The malicious script can be even made to open a web page showing a ransom demand, and this web page can also display sample data uploaded from the victim’s phone seconds before.

These might sound silly schemes in the eyes of technical users with knowledge of cyber-security issues, but a non-technical user can be easily impressed. There’s a reason why scareware and tech support scams are efficient today, in 2019, even if they’ve been around for more than 20 years. Non-technical users can’t always distinguish an empty threat from a valid one, especially when coming from their phone.

Furthermore, Kuhn argues that a malicious Siri Shortcut script can also be made into a worm that automatically messages a victim’s entire contacts list with a link to its source, asking others to install the script as well. It can also spread download links to even more potent malware, not just other Siri Shortcuts.

Kuhn and the IBM X-Force team urge users to take the same precautions with scripts as they do with normal iOS apps and browser extensions.

Users should install Siri Shortcuts only from trusted sources, and they should always check the permissions a Shortcut is requesting access to, before moving on with the installation process.

“As tempting as it might be to just scroll past that text and hit accept, users must be more aware of good security practices, which includes reading and understanding anything they authorize to run on their device,” Kuhn said.

Credit: Source link

Previous Post

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

Next Post

Should we say please and thank you when speaking to AI?

Related Posts

Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Why do phishing attacks work? Blame the humans, not the technology
Internet Security

Why do phishing attacks work? Blame the humans, not the technology

April 9, 2021
Next Post
Should we say please and thank you when speaking to AI?

Should we say please and thank you when speaking to AI?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU
Machine Learning

Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU

April 10, 2021
Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison
Data Science

Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison

April 10, 2021
IBM releases Qiskit modules that use quantum computers to improve machine learning
Machine Learning

IBM releases Qiskit modules that use quantum computers to improve machine learning

April 10, 2021
Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
5 Dominating IoT Trends Positively Impacting Telecom Sector in 2021
Data Science

5 Dominating IoT Trends Positively Impacting Telecom Sector in 2021

April 10, 2021
One-stop machine learning platform turns health care data into insights | MIT News
Machine Learning

One-stop machine learning platform turns health care data into insights | MIT News

April 10, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU April 10, 2021
  • Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison April 10, 2021
  • IBM releases Qiskit modules that use quantum computers to improve machine learning April 10, 2021
  • Hackers Tampered With APKPure Store to Distribute Malware Apps April 10, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates