Allows locked-out users to send texts, emails and make calls
People enable passcode locks on their mobile devices for a wide variety of reasons. Maybe they want to keep a snooping boyfriend out of their recent calls list, or maybe they fear what might happen if they lost their phone and a stranger could browse their photos with ease. Lots of people nowadays have personal banking apps the could be accessible to anyone with access to the phone.
But it looks as though in some circumstances, the new iPhone 4S voice assistant Siri can bypass your passcode and allow anyone to perform tasks on a locked phone.
Sophos’ Naked Security blog stumbled upon this eccentricity of the new iPhone 4S, and the claim’s veracity has been confirmed by this writer.
By default, you can use Siri to make phone calls, check your calendar, send texts and emails (to people in your contacts list) and set reminders, even when your phone is locked with a passcode. There are some things that you can’t do, like interact with apps.
Of course, this is handy for the owner of the phone – not having to enter a passcode for everything they want to do. But it’s a nightmare for the owner if the phone fell into the wrong hands. Imagine your friends getting a hold of your iPhone and texting your ex-girlfriend…yikes.
All kidding aside, it’s a fairly significant security flaw to be the default setting on the Apple device. Luckily, it’s quite easy to fix by going to Settings > General > Passcode Lock and toggling off Siri functionality while lock is enabled.
But plenty of users won’t think to do this, and it’s just curious that Siri is able to do so much on a passcode-locked phone by default.