Bad Siri! She’ll let anyone use a locked iPhone 4S

As it turns out, you can gain access to Siri even when iPhone 4S’s are locked, by default. This can be disabled fairly easily, but if they don’t know about it, then pranksters or data thiefs can – without knowing your passcode:

* Access your contact lists (and phone numbers / addresses / etc)
* Access calendar details (and delete them)
* Make phone calls / SMSs
* Send e-mails to contacts
* Change the name which Siri calls you
* Change alarms / reminders

This, by itself, is a siri-ous security flaw (sorry, had to), but what’s more interesting is that a corresponding flaw in iPad 2’s that use Smart Covers has also been discovered – which allows bypassing the passcode altogether (http://9to5mac.com/2011/10/20/anyone-with-a-smart-cover-can-break-into-your-ipad-2/). Not something that can be sneezed at.

No doubt Apple will be releasing patches (eventually) to address these issues, but what’s ultimately concerning is that in their meticulous approach, this was an intentional choice, placing convenience over security (also see Mac OS LDAP). I’m sure those who have been following them may have begun to identify a trend in their design decisions.

Speaking of Siri, enterprising developers have created a Siri clone called Iris, in 8 hours. Available free on the Marketplace (https://market.android.com/details?id=com.dexetra.iris), based on similar. Iris is rough and lacking polish, but on the right track. That basically sums up the whole situation, I think.

Bad Siri! She’ll let anyone use a locked iPhone 4S

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s