iPhone 4S Siri ships with security flaw

iPhone 4S Siri ships with security flaw
The iPhone 4S' new voice command/dictation powerhouse Siri looks like it may be too strong for the iOS security. There is a zero-day flaw in Siri that will threaten your phone's security (assuming there is something worth securing), but luckily there is a pretty simply way to get around the issue for now.

The trouble is that even if you have a passcode set on your iPhone's lockscreen, Siri can bypass it and get into your phone. This is not unlike the trouble Apple had with emergency calls being able to bypass lockscreen security and gain access to your photos and contacts. This time around, Apple has Siri enabled on the lockscreen by default, meaning anyone can use a voice command to access your e-mail, contacts or calendar. 

As we mentioned, if you have nothing that requires too much security in any of those systems, it's not much of a worry ("Oh no! I left my phone on the bus and now the person who has it can e-mail my mom! My mom!") Of course, if it's that much of a worry for you, all you have to do is disable Siri from your lockscreen in the "Passcode Lock" settings screen. 

source: CNet

Related phones

iPhone 4s
  • Display 3.5" 640 x 960 pixels
  • Camera 8 MP / 0.3 MP VGA front
  • Processor Apple A5, Dual-core, 800 MHz
  • Storage 64 GB

FEATURED VIDEO

46 Comments

1. tech-head

Posts: 133; Member since: Sep 02, 2011

How does stuff like this get past Q and A?

4. Snapdude

Posts: 128; Member since: Aug 27, 2009

"revolutionary" gone wrong...

9. remixfa

Posts: 14605; Member since: Dec 19, 2008

maybe they figure since noone reacted to the iphone "tracks every move you do for a year and sends it to apple" scandle, they just didnt care who saw what?? lol

11. iwebdroidberry7

Posts: 230; Member since: Jan 17, 2011

12. L3610n

Posts: 48; Member since: Jul 01, 2011

I was gonna say, didn't google face similar accusations for illegal tracking of your movements. haha

13. biophone

Posts: 1994; Member since: Jun 15, 2011

But you had the option to turn it off on android:)

27. Lucas777

Posts: 2137; Member since: Jan 06, 2011

same with ios buddy... read the whole aritcle...

30. protozeloz

Posts: 5396; Member since: Sep 16, 2010

as far as I knew it wont go off even if you did turn it, I tried asking but all tried Asking but all I got was an insult to my fanboysm

29. R_Truth

Posts: 3; Member since: Oct 20, 2011

Not only that Google tells you that it is or will track your location. Unlike the Iphone which not only denied it but did not give you any option to turn it off nor did it warn you.

39. Lucas777

Posts: 2137; Member since: Jan 06, 2011

again there are many options and warnings that ask if u want location services and if diagnostics can be sent to apple… check it

26. Lucas777

Posts: 2137; Member since: Jan 06, 2011

i dont understand how this is a problem at all... u just tap the switch and its off on the ockscree... how is that a security threat?

28. protozeloz

Posts: 5396; Member since: Sep 16, 2010

This is just an woopsie not a threat. And is fairly limited.

40. Lucas777

Posts: 2137; Member since: Jan 06, 2011

i gues… i just dont see why its on every tech site when there is a switch right below the enable lockscreen combo…

41. protozeloz

Posts: 5396; Member since: Sep 16, 2010

You must admit apple and some of its fans talk about apple being perfect to everything so sites like to remind they are humans and make mistakes.

2. GoodFella

Posts: 112; Member since: Oct 18, 2011

Seems like a careless mistake- something I am surprised Apple didn't test/realize. Amazing how so much thought and technology goes into software, yet the basics aren't checked or double checked.

3. L3610n

Posts: 48; Member since: Jul 01, 2011

It bypasses security because Siri is actually GladOs. And GladOs controls EVERYTHING MWAHAHAHAHA!

5. jacko unregistered

siri is really bin laden

6. cncrim

Posts: 1539; Member since: Aug 15, 2011

Call play catching up, just push it out the market first so we can get credit and patent it. hahah.

7. iwebdroidberry7

Posts: 230; Member since: Jan 17, 2011

You mean like almost everything Google puts its name on?

24. cncrim

Posts: 1539; Member since: Aug 15, 2011

Sure did like pull down Notification Bar, OTA. Btw, curve glass too haha however she perfect it.

38. iwebdroidberry7

Posts: 230; Member since: Jan 17, 2011

BB had the pull down notification bar first, and OTA's were NEVER exclusive to Android. And the Dell Venue Pro came out before the Nexus S.

42. protozeloz

Posts: 5396; Member since: Sep 16, 2010

no bb didn't have a pull down notification bar fist than android you had to go to the main screen to see what's going.

8. taco50

Posts: 5506; Member since: Oct 08, 2009

It doesn't seem like much of an issue if you can turn it off in settings. Maybe they should ship it with the setting off by default.

19. Stuntman

Posts: 843; Member since: Aug 01, 2011

Yeah, I thought I saw a screen shot of the iPhone where you can set it to allow Siri to bypass the lock screen. In any case, I find it unusual to have this setting for Siri only. If you are going to allow Siri bypass the lock screen, why put a lock screen in the first place? They should have left the option out of Siri and just let the user turn off the lock screen if they do not care for having their phone secure.

16. MichaelHeller

Posts: 2734; Member since: May 26, 2011

There's a "report" button on every comment. Don't be afraid to use it.

17. The_Miz

Posts: 1496; Member since: Apr 06, 2011

-_- But you guys have moderated comments without the report button. Come on, it's clear they're trolling. I don't think it's fair to block me for two days and they still get to troll various articles.

20. protozeloz

Posts: 5396; Member since: Sep 16, 2010

I hit report every time I saw you and your lame android jokes and it took PA took various months to ban you for a few days

32. The_Miz

Posts: 1496; Member since: Apr 06, 2011

What?

43. protozeloz

Posts: 5396; Member since: Sep 16, 2010

in plain english they banned you because I've being pressing the report button to all of your offensive comments and your attitude and you gave them reasons with your"can't touch me "actitude

21. Whateverman

Posts: 3295; Member since: May 17, 2009

It's not their job to babysit, it's to provide content. They are really quick to pull the trigger it seems unless things get really out of hand. Right now, we're just debating, no one is getting out of hand with it.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.