iPhone 4S Siri insecure says security team

Oct 20, 2011
9

Apple's Siri has come under fire from security researchers, over concerns that the voice control system can, by default, be used by anybody even when your iPhone 4S is passcode-locked. Since Siri's settings out of the box allow it to be instantly triggered from the lock-screen, researchers Sophos highlighted, and bypass the PIN-entry, anybody with physical access to your iPhone 4S can send emails and SMS messages, access the calendar and do anything else the digital personal assistant is capable of.

The problem, they say, is that Apple opted for convenience over security in its setup decisions. As standard, access to Siri is permitted even when the phone itself is secured with a passcode; that means you need to punch in a PIN if you want to use the iPhone 4S normally, but can give Siri spoken commands simply by holding the handset to your ear.

There's an option to put Siri behind the passcode security in the iOS 5 settings, as shown in the screenshot here, but by default it's toggled to allow broader access. "[Apple] could have chosen to implement Siri securely," Sophos observe, "but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."

Siri has come under fire in recent days because of its limited functionality outside of the US, with Maps access and location-based search services not functioning in the majority of places the iPhone 4S is on sale. That, Apple has admitted, isn't set to change until sometime in 2012. For more on Siri, check out our full iPhone 4S review.

iPhone 4S Siri demo:


Must Read Bits & Bytes