Attackers exploit Siri Shortcuts app to steal data and spread scareware

• The app, which was introduced in iOS 12, can be manipulated to capture user data by attackers.
• Research by IBM indicated that the Siri Shortcuts app can allow scripting to perform advanced tasks in the user’s devices.

Siri Shortcuts, an app which made its way into iOS 12 last year, now has a security issue in its functionality. It appears that the app can be exploited by attackers to steal data on iPhone devices.

Tech giant IBM, which discovered this vulnerability earlier, warned that the app allows scripting for complex tasks such as uploading content or locking screens.

Moreover, it has come to notice that attackers use this app to spread scareware on top of capturing user data. The attackers trick users into downloading malicious software following which, a ransom is demanded to keep stolen data from being leaked.

Scareware ransom demands

John Kuhn, Senior Threat Researcher at IBM spoke more on this loophole in an official blog that detailed the analysis.

“Using native shortcut functionality, a script could be created to speak the ransom demands to the device’s owner by using Siri’s voice. To lend more credibility to the scheme, attackers can automate data collection from the device and have it send back the user’s current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more. This data can be displayed to the user to convince them that an attacker can make use of it unless they pay a ransom,” said Kuhn.

Upon further probing, the analysis also showed that a custom shortcut (demonstrated by IBM) can be renamed to attract users into clicking it.

Thus, it is recommended for iPhone users to exercise caution when downloading custom shortcuts which are available in plenty online. Some of them may be malicious software that can integrate into Siri Shortcuts to exploit devices.