The Yandex Caller ID development team has identified a potential vulnerability in iOS 17.
The point is that scammers can write any text instead of the first and last name in the Contact Poster. For example, “Important call from the police” or “Bank security service.” This information will be received during a conversation with the owner of the iPhone, who will call.
Since scammers often issue new numbers, data about them may not be in the identification databases. It takes time to hit.
Visual posters and automatic license plate identification prompts in the Yandex application with Alice are different from each other. If you see caller ID data, the screen will indicate which application has activated it (in the case of our service). If there is no name for the application, it means that the potential interlocutor will generate information about himself, which may provide false information. Also in iOS 17, a “Possible” or “Maybe” mark was added in front of the poster – this also helps to enter the attacker’s command from the caller ID data.
— Yandex
Yandex has already sent a letter to Apple to wisely adjust the operation of the new iOS 17 feature, so that “a poster can only be shared if the poster owner’s contact is recorded in another person’s phone book.” [Известия]
Source: Iphones RU
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
