The Yandex automatic caller ID development team has discovered a potential vulnerability in Apple operating systems that could be exploited by scammers. Experts told Izvestia about this on Saturday, December 1.

iOS 17 users can customize a contact poster: they can set any image and enter a first and last name, which are shown to other users of the operating system.

Attackers can reportedly abuse this function. Instead of a first and last name, they can enter any text: for example, “Important call from the police” or “Bank security service.” In this way they imitate the warnings from caller identification services that many users are familiar with. When scammers call, the user will see a caller ID prompt if the caller's phone number is in the database. However, new scam numbers appear in the databases of unwanted contacts with some delay.

Specialists from the Yandex automatic caller ID development team have already reported the current situation to Apple and proposed a solution to eliminate the potential iOS 17 vulnerability.

“We ask you to make adjustments to the algorithms of the ‘Contact Poster’ function in such a way that a poster can be shared only if the contact of the poster owner is recorded in the phone book of another person, that is, in order for attackers to share their poster, they need to make sure that their phone number is in the victim’s contacts,” says Yandex’s letter to Apple.

Experts also explained how to protect yourself from this new type of fraud.

“Visually, the posters and automatic caller ID prompts in the Yandex application with Alice are different from each other. If you see caller ID data, the screen will indicate which application provided it (in the case of our service). If there is no application name, it means that the potential interlocutor himself provided information about himself, which may turn out to be false. iOS 17 also adds a “Possible” or “Maybe” note in front of the poster – this will also help distinguish the attacker’s inscription from the caller ID data.”

The Yandex team also reported that any dubious number can be checked. To do this, open the information about the number in the call list, click “Share contact” and select “Check in Yandex”. Experts also advise not answering suspicious calls and never telling the caller your passport details or SMS confirmation codes.

On November 29, cybersecurity experts reported that fraudsters had begun using a new scheme built on messages about the hacking of the State Services (Gosuslugi) portal. Attackers began sending residents of Russia messages via instant messengers about the hacking of their Gosuslugi account. Using this method, they can gain remote access to a person’s device and personal account.