Siri, the personal assistant on the iPhone has been the top selling point of Apple’s new iPhone 4S. But Graham Cluley, security researcher for Sophos, pointed out that Siri works from a locked screen. That means that users who don’t pay attention to their settings could be putting themselves at risk.
Users are able to lock up Siri with a passcode by going into their security settings and turning the feature off without passcode authentication. But by default, anyone could pick up an iPhone 4S, hold down the home button and ask Siri a questions such as, “What is my home address?” and the assistant will display that information.
Cluley was able to send an e-mail and text message from an ostensibly locked phone, and pointed out that he could have also changed calendar appointments. While he said it was good of Apple to include the option to lock Siri up, he expressed disappointment that the company didn’t ship Siri with the more secure options on default.
This isn’t a security flaw, per se, more like a security heads-up. There are certainly scenarios where being able to use Siri without needing to input your passcode would be very useful, but consumers should always think about the potential ways that they could endanger their safety in the name of convenience.