Apple’s Siri contact suggestions, which identify unknown calls and messages, have been a helpful feature, giving us a probable idea of who the caller or sender may be in case we don’t have the number saved on the phone. However, cybersecurity company Wandera has now demoed how this Siri feature can be easily exploited and used for phishing attempts. When a number is unknown, Siri attempts to find a suggestion and shows a ‘Maybe: XXXX’ banner on the incoming call screen or in iMessage. Phishers may try to use Siri’s ‘Maybe’ feature to mislead users about who they really are.
Fortune explains that this trick works in two ways. One way is to create a fake account under the name you want the feature to display, and send an email to the target. If the target responds, the ‘Maybe’ feature will show the fake account name every time the phisher calls or texts in the future.
Bloomberg’s Mark Gurman notes that the contact suggestions feature has been around since iOS 9, and that for users who don’t wish to be misled, Apple could easily add a switch to toggle the Siri feature off. Wandera said it reported this issue to Apple, which noted it as a software issue and not a security vulnerability.