Cybersecurity Blog

Siri shortcuts vulnerable to abuse – 02/07/19


Siri shortcuts is a terrific time saving feature that Apple introduced as part of iOS12.  It allows multiple steps to be executed automatically with a single voice or tap command, bringing us one step closer to the mythical Star Trek computer. With a simple “Good Morning”,  Siri can tell you the day’s weather forecast, the traffic report and then play your favorite wake up tunes.

All you have to do is download the Siri Shortcuts app, determine what your cue word or phrase will be and then select your steps.  To save you time, the Shortcuts app has a gallery with tons of shortcuts all ready to use. You can also download shortcuts  created by a third party. This is where things get dangerous.

Hackers could easily create a shortcut capable of unmentionable horror. How much fun would it be to say “Good morning” and instead of getting the weather report, Siri informs you that your photos have been accessed and unless you pay the ransom, the following ones will be sent to your whole contact list (cue a slide show of you in various stages of undress).  Then to add insult to injury, the malware that made all of this happen, is sent to your friends and family. Welcome to the brave new world.

The goods news is you can enjoy this wonderful new feature and avoid the slide show of shame. All you have to do is take a few precautions:

  • Only download shortcuts from trusted sources like the Apple store
  • Review the permissions that a shortcut asks for before you accept them
  • Click the Show actions button before you install a shortcut. Make sure you know what actions it is going to perform before you install it

Happy shortcutting!!




Leave a Reply

Your email address will not be published.