• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Mobile
  • IBM experts warn of malicious abuses of Apple Siri Shortcuts

IBM experts warn of malicious abuses of Apple Siri Shortcuts

Pierluigi Paganini February 02, 2019

IBM’s security researchers demonstrated that the Siri Shortcuts introduced in the Apple iOS 12 can be abused by attackers.

Apple implemented Siri Shortcuts in the iOS 12 to allow users to rapidly access to applications and features, they can automate common tasks and can be integrated by third-party developers in their software.

Researchers at IBM Managed Security Services discovered that
Siri Shortcuts can be abused by hackers to perform malicious activities.

“This new feature can be enabled via third-party developers in their apps, or custom built by users downloading the shortcuts app from the app store. Once downloaded and installed, the Shortcuts app grants the power of scripting to perform complex tasks on users’ personal devices.” reads the analysis published by IBM.

“But accessing the phone from Siri Shortcuts also presents some potential security risks that were discovered by X-Force IRIS and reported to Apple’s security team.”

Experts pointed out that Siri Shortcuts improve interactions between users and the device, it allows the implementation of access directly from the lock screen or through existing apps. Users can also share the Shortcuts from the apps via iCloud.

The shortcuts can be presented by developers on the lock screen or in ‘search’ field, based on time, location and context.

“The shortcut can then appear on the lock screen or in ‘search’ when it is deemed appropriate to show it to the user based on time, location and context.” continues the analysis.

“For example, a user approaches their usual coffee shop, and the relevant app pops up a shortcut on the screen to allow them to order the usual cup of java and pay for it on the app before they even enter the coffee shop.”

siri shortcuts

Experts at IBM explained that the new feature could be used to create for malicious purposes such as scareware, a pseudo ransom campaign that attempts to scare victims and trick them into paying attackers by making them believe their data were stolen by hackers.

The attackers can use native shortcut functionality, they can develop a script to provide the ransom demands to the device’s owner by using Siri’s voice. Attackers can also automate data collection from the device (user’s current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more) and send them to the victims to scare them.

“To move the user to the ransom payment stage, the shortcut could automatically access the Internet, browsing to a URL that contains payment information via cryptocurrency wallets, and demand that the user pay-up or see their data deleted, or exposed on the Internet,” continues the post.

What’s making this attack scenario more scaring is that the attacker could configure the malicious Shortcut to spread to the victim’s contact list, with this trick they prompt potential victims to download and install the malicious Shortcut.

Below a video PoC of the hack that shows how a Shortcut can change the device’s brightness and volume, can speak a ransom note that includes convincing personal details, can turn the flashlight on and off while vibrating at the same time, can display the spoken note in a written alert, and access the URL of a page containing payment information, in addition to spreading via messages to users’ contacts.

https://youtu.be/PlgPSwwZc80

“In our security research labs, we tested the ransom attack scenario. The shortcut we created was named ‘Ransom’ in the video, but it could easily be named any other name to entice users to run it. Lures, such as game cheats/hacking, unlocking secret functionality in apps, or getting free money, often entice users to tap on a shortcut and see where it leads,” explained John Kuhn, senior threat researcher at IBM Managed Security Services.

Siri Shortcuts open the door to a broad range of social engineering attacks, they could be abused to trick victims into installing any kind of malware on their devices.

Below some recommendations shared by the experts:

  1. Never install a Shortcut from an untrusted source.
  2. Check the permissions that the shortcut is requesting and never give permission to portions of your phone you are not comfortable with. Things like photos, location and camera could be used to obtain sensitive information.
  3. Use the show actions button before installing a third-party shortcut to see the underlying actions the shortcut might take. Look for things like messaging data to numbers you don’t recognize, emailing data out, or making SSH server connections to servers.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Siri Shortcuts, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]


facebook linkedin twitter

Apple mobile Pierluigi Paganini Security Affairs Siri Shortcuts

you might also like

Pierluigi Paganini July 10, 2025
Qantas data breach impacted 5.7 million individuals
Read more
Pierluigi Paganini July 10, 2025
DoNot APT is expanding scope targeting European foreign ministries
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    DoNot APT is expanding scope targeting European foreign ministries

    APT / July 10, 2025

    Nippon Steel Solutions suffered a data breach following a zero-day attack

    Data Breach / July 09, 2025

    Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

    Malware / July 09, 2025

    Hackers weaponize Shellter red teaming tool to spread infostealers

    Malware / July 09, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT