• United States



by Ben Camm-Jones

Siri Security Flaw Leaves the IPhone 4S Insecure

Oct 20, 20112 mins
AppleComputers and PeripheralsData and Information Security

Default setting leaves passcode-locked iPhone 4S open to abuse

iPhone 4S owners are being warned to check their handset’s settings in order to close a security hole in Siri.

If you leave your iPhone 4S unattended, someone else could use the handset to send text messages, alter calendar appointments and write emails without your permission. According to security firm Sophos even a passcode-locked iPhone 4S is vulnerable to the flaw.

“I borrowed a passcode-locked iPhone 4S from a colleague here at Sophos and, with his permission, was able to write an email, and send a text message. If I had wanted to I could have meddled with his calendar appointments too,” said Sophos’ senior technology consultant Graham Cluley.

Apple’s Siri versus Android’s Voice Actions

In order to protect against the flaw, go to Settings, General, Passcode Lock and check that the Siri option is set to Off. This means Siri is inoperable when the handset is locked.

“What’s disappointing to me is that Apple had a clear choice here. They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system,” Cluley said. He also advised using a more complex passcode.

Cluley clearly wasn’t impressed by Siri. “It’s not as though Siri impressed me enormously anyway during my brief play with it. Thirty percent of the time it misinterpreted what I was trying to say.

We’re rather more positive about Siri – we reckon it beats Android’s Voice Actions easily, though it is still officially a beta and we have heard reports of problems with it.