Siri is just trying her best, but she’s not always as helpful as you would like. Now she’s even more of a pain. Apparently, Siri can be easily manipulated by cybercriminals, helping to play into their phishing scams.
All it takes is the use of a proper noun in a phishing text message, and Siri will display the sender as “Maybe: [insert proper noun]. This means that hackers could find the name of a trusted or feared figure in someone’s life that one is almost certain to respond to, and pose as that person in a message, accompanied by a phishing link.
And it doesn’t only apply to first and last names, like your boss or friends. Researchers found that although the vulnerability does not work on obvious words like “bank,” it does work on their proper-noun counterparts.
The most alarming part of this news is perhaps just how little effort the maneuver takes on the hacker’s end. Any amateur cybercriminal can exploit the vulnerability, no hacking experience required. Apple has responded that they do not classify this as a security vulnerability but rather as a software bug.