Virtual Assistant Siri can be used to deceive users. The method is based on how Siri tries to recognize an unknown contact, but it’s very easy to uncover fraud if you look closely at the details.
The cyber security company released a demo exploit and explained that there are two ways to deceive. First, the hacker sends someone an email from a fake account with a phone number. If the recipient answers the email, Siri will begin to try to recognize the sender.
There are two ways to do such a trick. The hacker sends someone an email from a fake account with a phone number, say, in the signature to the letter. If the target responds, even if the response is automatic, the number will be stored in the contacts.
You can also do the deception through a message, which is even easier. If the sender is presented in the message, Siri will also keep the contact.
Hackers can use this to obtain confidential information. After saving the contact, they can call the target to “confirm details about the account” or send a malicious link. If the user believes, the hacker will gain access to his device.
Siri is smart enough not to save the numbers of banks and credit unions from messages and emails in contacts, but a virtual assistant is easy enough to cheat if you use the name of the financial institution.
Apple has been aware of the problem since April 25, and a week later said that it does not consider it a serious threat to security. This makes sense, because the company can not do anything with such sophisticated methods of deception that hackers come up with.