We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,764 News Articles

Siri's Security Hole: The Passcode Is the Problem

For Apple's Siri voice recognition to be both secure and useful when locked, we need ways to access the phone other than a passcode.

Siri, the virtual assistant built into the Apple's iPhone 4S, has a security problem: By default, anyone can use Siri to send e-mails or text messages from a locked phone, without having to enter a passcode first.

Macworld contributor Scott McNulty discovered the exploit last week. In addition to sending texts or e-mails, Siri can also schedule calendar appointments from the lock screen, passcode-free. To prevent any use of Siri while the phone is locked, users must turn off Siri access under Settings > General > Passcode lock.

Apple messed up by making Siri available from the lock screen by default. Although the issue is fixable, users who don't follow tech blogs and haven't played around much with voice commands may not even realize what Siri can do from a password-protected screen. The default setting should prevent any use of Siri while the phone is locked.

But whether Siri is available or unavailable from the lock screen by default, requiring a passcode to access the virtual assistant introduces a dilemma.

The point of making Siri available on the lock screen is to allow fast, eyes-off access to useful features. Say you're driving, or walking down the street, and want to fire off a quick message without taking your eyes off the road. Being able to access Siri without fumbling to enter a passcode--or even without taking the phone out of your pocket when connected to a Bluetooth headset or car speaker--would really come in handy.

A Passcode Shares The Blame

That's why the passcode itself shares some of the blame here. For Siri to be both secure and useful when locked, we need new ways to access the phone. The face recognition in Android Ice Cream Sandwich is a good idea. So is the thumbprint reader on Motorola's Atrix. In Apple's case, voice identification would be the best solution. It would allow the phone's main user to access any of Siri's voice commands even when the phone is locked, while requiring a passcode or some other fallback from other users.

In the meantime, I hope Apple changes the iPhone 4S's default settings to keep Siri locked behind a passcode.

Follow Jared on Facebook, Twitter or Google+ for even more tech news and commentary.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...