Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Is this a big security flaw with Siri?

Candlelight

Candlelight

macrumors 6502a
Original poster
Oct 12, 2011
837
731
New Zealand
http://www.stuff.co.nz/technology/gadgets/5814897/iPhone-4S-security-hole-uncovered

An IT manager for a large Australian corporation with 1000 users, responsible for a fleet of 200 smartphones and BYO devices has pinpointed what he says is a shortcoming that will prevent his company from allowing the new iPhone 4S and eventually iPads with Siri onto its network.

He says the introduction of Siri - a handy personal assistant capable of scheduling meetings, sending emails and addressing most questions thrown at it via voice command - makes it impossible to enforce the use of a passcode on iPhones.

Siri has fascinated consumers since its introduction on October 5. In business it could come in handy for overly busy executives who multitask and seldom have the luxury of a human personal assistant.

But because of Siri, companies concerned about the security of data such as global contact lists and confidential emails, are no longer able to force users to lock their phones. Users can turn off the passcode lock if they wish.

"When we activate an iPhone on our network, we can make the use of the phone passcode compulsory, so if the phone is lost or left lying around our company information is secure. We also can 'grey out' the option for the end user to turn off the passcode through the Apple-supplied [Microsoft] Exchange interface.

"But there is no option to disable the Siri controls. It effectively bypasses the phone passcode - anyone can activate Siri and access the phone book and email," Steve McDonnell says.

Other users have pointed out the "voice control" feature on older iPhones also allowed the lock screen to be bypassed, but McDonnell says this is worse because there is no option to disable Siri as a policy.
Click to expand...

"Siri, don't let anyone else in"
"I can't do that, Dave"
 
tibi08

tibi08

macrumors 6502a
Sep 17, 2007
703
75
Brighton, UK
If you go into the passcode settings, there is in fact a setting called "Allow access to Siri when locked with a passcode" (Yes/No). I suspect that currently, companies cannot mandate this setting in the same way as they can with the passcode. But I'm sure that can (and will) be easily resolved in a relatively short amount of time.

Personally, I think I would enable this setting for personal use of the phone. Otherwise anyone can pick up your phone and use Siri. Why would you want to allow that if you've botherred to set a passcode?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom