Serious security flaw on iphone 4s with siri

[SteveMcDonn]

Hi,

There is a serious flaw with the iphone 4s and siri that means anyone can have access to your phone.

If you have a PIN code set to protect your phone, then it can be bypassed to a certain extent by anyone who activates siri by holding the home button or raising the phone to their ear.

You can email, text message, or make a phone call without having to unlock the phone.

Worst case scenario, you leave your phone on your desk and the guy that hates you sends an abusive email to your boss! - say a big "Hello" to unemployment.


Surely someone at Apple noticed this?

Steve

 

[thewitt]

Turn Siri off when the phone is locked. It's an option in settings. The same thing works with voice control on older devices.

 

[SteveMcDonn]

There is no option turn siri off when the phone is locked

 

[SweetPoison]

Well this is alarming. Or is it?

 

[Skull One]

There is no option turn siri off when the phone is locked

That is incorrect. When/where you set the passcode lock, it is the second from last choice. Siri On/Off. I just tested it. Works correctly and Apple did think about it.

 

[Dreamo84]

That is incorrect. When/where you set the passcode lock, it is the second from last choice. Siri On/Off. I just tested it. Works correctly and Apple did think about it.

He got served

 

[Mad_Maru]

An easy mistake to make just as well on this occasion apple did think of everything!


Sent from my  iPhone® using Tapatalk

 

[SteveMcDonn]

When we activate an iphone on our network, we have the option of enforcing a passcode, so if the phone is lost or left lying around our company information is secure. We also have the option of "Greying Out" the option for the end user to turn off the passcode (They can change it though).

However thanks to siri, this can now be bypassed by anyone who takes possession of the phone, they can in fact call anyone, text anyone or email anyone - this includes people in the contacts / exchange global address book.

Worst case scenario a thief would have access to email / text anyone from customers to the CEO of the organisation and it would appear to have come from the owner of the phone.

There is the option in the settings to disable siri at the lock screen, however as an enterprise we are not able to leave that option available to the end user as it compromises our security policies. What we really need is to be able to disable and "Grey Out" that option - just like we can do with the the passcode setting.

I spent some time this morning discussing it with Apple and eventually spoke to one of their senior advisers in the US "Nathan Rozmus" - he advises

"The feature to disable siri at the lock screen from the exchange interface is not currently available."

When I pointed out that that meant the iphone4s was unsuitable for a corporate environment, he repeated the statement, and advised that I could submit it as a feature request.

Needless to say the iphone4s will continue to be banned on our network, but I think the general population should be informed that there is a risk to corporations.

 

[SteveMcDonn]

Well this is alarming. Or is it?

Both - if you are a corporation it is very alarming to have a security breach like that. If you are 12 - then you probably don't care