Blunt as our criticisms of it are, Siri has some cards up its sleeve that make it, say, at least fun. One of them is the feature that tries to "guess" the identity of a number that is calling you and is not a contact saved in your address book: the assistant's artificial intelligence capabilities look for evidence on your iPhone that allows it to suggest who may be on the other end of the line, displaying, below the number, a "Maybe: So-and-so".
This feature, however, may open the door for some unsuspecting users to fall for scams and phone fraud, at least according to researchers at the cybersecurity company Wandera.
The firm's theory, as reported by Fortune, is simple: thieves can use the feature to impersonate financial institutions or other "trustworthy" companies, and users who do not notice the "maybe" before the name of the possible contact can hand over confidential information without realizing that they are falling for a scam.
All of this happens because of the way Siri "guesses" the identity of the calling number. There are two ways. The first is by email: if malicious actors send you an email that contains a phone number, identify themselves in some way in that message, and you reply to it (even with an automatic reply, like "I'm busy"), the assistant will automatically suggest that identification when the number calls. The second way is even simpler, by SMS: if Siri recognizes some form of identification (for example, "Hi, this is Bruno") in a text message received from an unknown number, it will automatically suggest it.
This is where the danger lies: the bad guys can identify themselves as banks or the like, and Siri has no way of knowing whether the claim is real or not. It is true that the assistant blocks very obvious false identifications (the researchers cite "bank" and "credit cooperative" as terms that it does not accept as identification), but specific names of institutions, such as "Itaú" or "Caixa Econômica", get through without any trouble.
Apple was warned of the problem and responded, saying it does not believe the issue represents a vulnerability. One person who agrees is the journalist Mark Gurman, who wrote about the case:
Interesting take. Really think this is a complete non-issue however. Has been an iOS feature since 2015. Apple could probably easily add a switch to disable it though. https://t.co/zGfaVrfkgx
– Mark Gurman (@markgurman) June 11, 2018
Interesting view, but I really think this is not a problem. It has been an iOS feature since 2015. Apple could probably easily add an option to turn it off, however.
And as much as I tend to agree with Apple and Gurman on how unlikely it is that the feature will lead to major problems, it is worth considering: how many times have we, in a hurry, grabbed our phone as it rang madly and taken a very quick look at the screen to see who was calling? One cannot ignore the possibility that, in a moment of inattention, even the smartest user will take the bait. So, let us stay alert.
via iPhone Hacks