Default setting leaves passcode-locked iPhone 4S open to abuse iPhone 4S owners are being warned to check their handset’s settings in order to close a security hole in Siri.If you leave your iPhone 4S unattended, someone else could use the handset to send text messages, alter calendar appointments and write emails without your permission. According to security firm Sophos even a passcode-locked iPhone 4S is vulnerable to the flaw.“I borrowed a passcode-locked iPhone 4S from a colleague here at Sophos and, with his permission, was able to write an email, and send a text message. If I had wanted to I could have meddled with his calendar appointments too,” said Sophos’ senior technology consultant Graham Cluley.Apple’s Siri versus Android’s Voice Actions In order to protect against the flaw, go to Settings, General, Passcode Lock and check that the Siri option is set to Off. This means Siri is inoperable when the handset is locked.“What’s disappointing to me is that Apple had a clear choice here. They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system,” Cluley said. He also advised using a more complex passcode. Cluley clearly wasn’t impressed by Siri. “It’s not as though Siri impressed me enormously anyway during my brief play with it. Thirty percent of the time it misinterpreted what I was trying to say.We’re rather more positive about Siri – we reckon it beats Android’s Voice Actions easily, though it is still officially a beta and we have heard reports of problems with it. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe