- Text
Siri lets anyone use a locked iPhone 4S
The voice-activated feature on the new iPhone 4S will let anyone use the phone to send e-mails and text messages and make calls even if it is passcode locked, security firm Sophos revealed today and CNET has confirmed.
Try it. Grab a friend's locked iPhone 4S, press the button and ask Siri to do something. I was able to send a text message, make a call and send an e-mail, all without knowing my friend's passcode. Another colleague confirmed that she could get an address and a phone number out of the phone and even see the calendar.
To be clear, the phone is still locked in the sense that someone can't just grab it and make calls to any phone number by dialing. And users are also unable to launch apps. We also weren't able to send an e-mail to an address that was not in the contact list or find other data for people who weren't already in the contact list.
Podcast: An interview with Siri
To some this might seem like old news. Similar capabilities were available by default with the Voice Control feature, which was introduced with the iPhone 3GS in 2009. But it appears on first glance that Siri allows you to do more with a locked iPhone than Voice Control does.
In a default setting, Siri let's a complete stranger see your calendar on your passcode locked iPhone 4S, as well as get contact information, make a call and send texts and e-mails.
(Credit: Sharon Vaknin/CNET)In my limited sampling, iPhone 4S owners seem to be shocked to learn about this default Siri setting, so chances are that many people didn't know about the Voice Control default setting either.
Thankfully, there is an easy fix for this. In the Passcode Lock settings, switch Siri to "Off" (see below). This lets you continue to use the feature once your iPhone is unlocked, but keeps users from accessing these features when security is enabled.
It's pretty surprising that Apple has the default set to be able to use Siri without unlocking the device.
"What's disappointing to me though is that Apple had a clear choice here," Sophos' Graham Cluley writes in a blog post. "They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."
Apple representatives did not immediately respond to e-mails and a phone call seeking comment.
(CNET's Sharon Vaknin and Josh Lowensohn contributed to this report.)
To disable Siri so it can't be used unless the device is unlocked, you turn Siri "Off" in the Passcode Lock settings.
(Credit: Sophos)
- Siri lets anyone use a locked iPhone 4S
- Apple earnings disappoint, stock gets crushed
- Apple pauses to celebrate life of Steve Jobs
- Siri inspires tech tourettes and performs a duet
- Countdown to 7 billion people on Earth
- Apple served up with heaping of baloney
- Ice Cream Sandwich-powered Galaxy Nexus debuts
- Portrait sold for $21K might be a Leonardo
- Anonymous will "kill" Facebook on Guy Fawkes Day
- Some iPhone 4S users seeing red over yellow tint
- Apple stores close today for Steve Jobs memorial
- Apple co-founder Steve Jobs dead at 56
- 4,001 Post-it notes for Steve Jobs
- RIM pins hopes on new BBX operating system
- Robot solves Rubik's Cube in seconds
- In new antitrust case, all eyes will be on Bill Gates
- Are affordable tablets here to stay?
- Car explodes in northern Mexico as soldiers pass
- Ex-CEO surrenders to face overbilling charges
- Hanna: Animals owner's wife called them her kids
- Photographer who captured rock's golden age dies
on Facebook
- Sheriff: Missing Ohio monkey believed eaten
- Climate change pushing coffee to extinction?
- After toddler is left to die, China disquieted
- Ohio sheriff: Only one monkey remains missing
- Some sales from Bieber's new CD to go to charity
on CBS News
