For the first nine months of the savings Bank and the Apple hasn’t solved the problem with Siri. At the end of last year, recall, users found that the iPhone is locked can you transfer money via SMS banking. Siri can deduct money from accounts of unsuspecting smartphone owner. While “vulnerability” refers not only to savings Bank, and “Tinkoff Bank”.
Anyone can ask the user locked iPhone, call voice assistant and ask Siri to send an SMS message to the number 900 is the system of SMS-banking Sberbank. In the message, you can specify the transfer amount and the recipient’s number. Siri successfully detects the instruction and send SMS.
In response you will receive a confirmation code and will be displayed on the screen of the locked iPhone. This code must also send the 900 number and verify the transaction. This is also used by Siri. Operation can be done on virtually any iPhone since the default voice assistant works on the lock screen.
Similarly the virtual assistant Apple may “substitute” clients “Tinkoff Bank”, with no SMS messaging on verification.
The video below shows the way to transfer money from a mobile account “savings” by using a voice command Siri. The device can be locked with a password. Function independently dial and send SMS, and then confirm the write-off of money from the subscriber’s account.
With Android smartphone, this trick will not work: the voice assistant Google before sending SMS requests to unlock the smartphone.
Sberbank is working with Apple to the operating system level to prevent tampering with Siri and SMS-banks, said the representative of the savings Bank. Operations are monitored, and suspicious – are automatically locked, assured in the company. However, in case you lose your iPhone, the representative of the savings Bank recommends that you contact your mobile operator and the Bank for blocking numbers and accounts.
Service SMS-banking allows you to learn about the account status, to obtain data on the debits, to pay a mobile phone and transfer money to clients of Sberbank. But these transactions have limits: you can transfer money not more than ten numbers, each payment must not exceed 1500 RUB on Transfers known to the Bank card is limited to 8000 RUB, they can also be not more than 10 per day.
Despite the security measures undertaken by the Bank, the most effective protection against scammers is a ban on transactions in mobile banking through voice assistants.