Wednesday, October 19, 2011

Bad Siri! She'll let anyone use a locked iPhone 4S

To disable Siri so it can't be used unless the device is unlocked, you turn Siri

The voice-activated feature on the new iPhone 4S will let anyone use the phone to send e-mails and text messages and make calls even if it is passcode locked, Macworld has reported.

Try it. Grab a friend's locked iPhone 4S, press the button and ask Siri to do something. I was able to send a text message, make a call and send an e-mail, all without knowing my friend's passcode. Another colleague confirmed that she could get an address and a phone number out of the phone and even see the calendar.

There is an easy fix for this situation, which was reported on by Macworld on Friday, followed by security firm Sophos today. In the Passcode Lock settings, switch Siri to "Off" (see below). This lets you continue to use the feature once your iPhone is unlocked, but keeps users from accessing these features when security is enabled.

To be clear, the phone is still locked in the sense that someone can't just grab it and make calls to any phone number by dialing. The users Siri lets in aren't able to launch apps, either. We also weren't able to send an e-mail to an address that wasn't in the contact list or to find other data for people who weren't already in the contact list.