Malicious Siri Shortcuts are a real possibility warns one developer, so users need to start treating all of them as potential threats. He calls on Apple to fix their problems.
Shortcuts debuted last fall in iOS 12. They are small apps that can be used to automate iOS features. That apparently makes them well suited for creating malware.
Simeon Saëns, a co-creator of the iPad app Codea, wrote on Twitter, “I’ve just been made aware that it is trivially easy to steal highly sensitive & personal information from an iPhone via Shortcuts.” Among the information he says can be obtained is “highly personal contacts, names you’ve typed into iMessage, addresses, browsing history, app usage, file contents.”
Siri Shortcuts: a two-edged sword
Apple says “Siri Shortcuts let you quickly do everyday tasks, and with the apps you use the most — all with just a tap or by asking Siri.”
Anyone can create their own, but most people are probably more likely to download pre-written ones from sites like ShortcutsGallery.com. As Saëns points out, any Shortcut found online could potentially siphon information off the iPhone running it.
The developer notified the iPhone maker of this discovery. “I’ve disclosed all the details to Apple and hope that they fix it, but the more Shortcuts becomes mainstream, the more people need to be aware of how they can be powerfully misused,” said Saëns.
Apple has often stated that it regards privacy as a fundamental human right. Making Shortcuts able to easily steal data from users is hardly in keeping with that goal. And revelation goes on top of the black eye the company just received from a huge FaceTime bug.