Home / News / Mobile Phone News / Siri Security Threat Exposed

Siri Security Threat Exposed

David Gilbert


iPhone 4S Siri

We all remember that rapscallion HAL 9000 from 2001: A Space Odyssey and the trouble it caused poor Dave, and now it seems Apple’s version of artificial intelligence could prove just as problematic.

Siri, the voice-activated personal assistant on the iPhone 4S, could potentially create a security threat allowing anyone access to the information stored on your phone whether it's locked or not.

The problem has been highlighted by security experts Sophos, who discovered that a passcode-secured iPhone 4S can still be accessed through Siri, allowing anyone who can get there hands on your phone access to allow your personal information.

The problem occurs because the default setting on the iPhone 4S means that Siri can be accessed from the lock screen without the need to enter the passcode. And since Siri responds to any voice, whoever gets their hands on the phone will be able to use it.

iPhone 4S Siri

We tried this on an iPhone 4S this morning and managed to send text messages and emails to various people from the contacts list of the ‘locked’ iPhone. We were also able to draw up a list of upcoming appointments and times from the phone’s calendar.

This means that anyone who leaves their iPhone 4S unguarded for any length of time could be leaving all their contact and calendar information open – not to mind being at the mercy of pranksters looking to send ‘funny’ emails and texts from the phone.

iPhone 4S Siri

There is an easy way to solve the problem however. Go to Settings/General/Passcode Lock on the iPhone 4S and switch Siri from On to Off. That way Siri cannot be used when the smartphone is locked with a passcode.

Why Apple chose to have the default setting for this as On is a mystery, but it should be noted that Siri is still in beta and when the final product does emerge it will possibly have more strict security.

“They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system,” said Graham Cluley, senior technology consultant at Sophos.

The first TV ad for Siri has been released (see above) and shows a world where the iPhone 4S could become your best friend. In reality Siri doesn’t work as flawlessly as Apple would have you believe, especially here in the UK where it cannot access any location data.

Source: Naked Security

comments powered by Disqus