We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Siri's Security Hole: The Passcode Is the Problem

For Apple's Siri voice recognition to be both secure and useful when locked, we need ways to access the phone other than a passcode.

Siri, the virtual assistant built into the Apple's iPhone 4S, has a security problem: By default, anyone can use Siri to send e-mails or text messages from a locked phone, without having to enter a passcode first.

Macworld contributor Scott McNulty discovered the exploit last week. In addition to sending texts or e-mails, Siri can also schedule calendar appointments from the lock screen, passcode-free. To prevent any use of Siri while the phone is locked, users must turn off Siri access under Settings > General > Passcode lock.

Apple messed up by making Siri available from the lock screen by default. Although the issue is fixable, users who don't follow tech blogs and haven't played around much with voice commands may not even realize what Siri can do from a password-protected screen. The default setting should prevent any use of Siri while the phone is locked.

But whether Siri is available or unavailable from the lock screen by default, requiring a passcode to access the virtual assistant introduces a dilemma.

The point of making Siri available on the lock screen is to allow fast, eyes-off access to useful features. Say you're driving, or walking down the street, and want to fire off a quick message without taking your eyes off the road. Being able to access Siri without fumbling to enter a passcode--or even without taking the phone out of your pocket when connected to a Bluetooth headset or car speaker--would really come in handy.

A Passcode Shares The Blame

That's why the passcode itself shares some of the blame here. For Siri to be both secure and useful when locked, we need new ways to access the phone. The face recognition in Android Ice Cream Sandwich is a good idea. So is the thumbprint reader on Motorola's Atrix. In Apple's case, voice identification would be the best solution. It would allow the phone's main user to access any of Siri's voice commands even when the phone is locked, while requiring a passcode or some other fallback from other users.

In the meantime, I hope Apple changes the iPhone 4S's default settings to keep Siri locked behind a passcode.

Follow Jared on Facebook, Twitter or Google+ for even more tech news and commentary.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...