Apple should've warned its customers about Siri, expert says

Siri may well sound like it wants to be your friend, but unfortunately it really isn't personal, have a friend pick up your locked iPhone 4S and Siri will spill the beans on almost anything

Apple should have warned its customers about the Apple iPhone 4S Siri security flaw, which enables third parties to access users' personal information using Siri, even when the screen is locked, a security expert said.

Yesterday, T3 reported that potential thieves can ask Siri, Apple's new voice-recognition software, for users' personal details without having to enter a passcode. At the press of the Home button, a person is able to send texts, emails and request calendar information without having to unlock the homescreen.

Alan Goode, managing director of mobile security firm Goode Intelligence, said: “The vulnerability discovered in Apple’s new voice recognition service, Siri, is a serious one, and one that should not have been released into the live.

“The positive thing is that accessing some of the more sensitive services in this manner, such as  email, is forbidden.

He continued: “But I could still run up a pretty impressive and annoying phone bill if I had malicious intent and if Apple missed this pretty easy to find vulnerability then what other security threats are hiding in Apple’s latest mobile OS?”

The setting isn't a permanent one - users have the option of switching it off by disabling the option to enable Siri at passcode lock - however Goode argues that because this setting was set at default without users' acknowledgement, many iPhone 4S owners would have been unaware of the potential risks they were exposing themselves to.

He said: “We feel that this option should have been the default option that Apple should have configured on all devices and then let the user decide whether they want to take the risk of someone accessing text, call and appointment services without entering the correct passcode.

Another expert, Graham Cluely, from the security software firm Sophos, summed up his concerns about Apple's decision. He said: "What's disappointing to me though is that Apple had a clear choice here. They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."

Goode added: "Perhaps by the time that Siri is fully functioning in the UK Apple will have seen sense and change the default setting."

Apple iPhone 4S: Features

With an improved A5 processor and the inclusion of iOS 5 the iPhone 4S has seen phenomenal sales over the weekend, and with Siri embedded so deeply into how the phone operates it'll be interesting to see how everyday consumers will react to the news.

With the upcoming release of Android's Ice Cream Sandwich which also has improved voice-functionality and the unveiling of the Motorola Razr and Samsung Galaxy Nexus the iPhone 4S will certainly start coming under pressure to still be the top dog.

What do you think, have Apple chosen gimmicks over genuine security? Let us know what you think via the comments box below...

Comments

Be the first to comment…

Back to top
Close
T3 Newsletter
Sign up to recieve the T3 newsletters by entering your details below

Your Details

As you're registering with us. we'd like to think that you'd enjoy receiving the following emails; if you'd rather not receive them, please untick the boxes:

I would like to receive other emails from T3, Future Publishing Limited and it's group companies containing news, special offers and product information
I agree to the terms of use and privacy policy and confirm that I am over 16 years of age *
Close
Log in or Join

By clicking below you agree to our terms and conditions and our privacy policy

Log in to T3.com with your preferred social network

Log in with your T3.com account

CloseJoinPlease complete these additional details

Join T3.com with your preferred social network

OR

Join T3.com

Please tick this box to confirm you are 16 years old or over

Just so we know you're human

Newsletters

I would like to receive T3 email newsletters, packed full of the latest tech news, competitions and exclusive offers.

I would like to receive other emails from T3, Future Publishing Limited and its group companies containing news, special offers and product information.

I would like to receive offers from carefully selected third Parties. We will not share your data with the third party.

Close Edit your profile

Change your password

Newsletters

I would like to receive T3 email newsletters, packed full of the latest tech news, competitions and exclusive offers.

I would like to receive other emails from T3, Future Publishing Limited and its group companies containing news, special offers and product information.

I would like to receive offers from carefully selected third Parties. We will not share your data with the third party.

Social networks

You have authorised these social networks to interact with your T3.com account.

Please ensure you deactivate or revoke access to this website from within your social networks settings to ensure all permissions are removed.

Close Forgotten your password

Forgotten your password?

Please enter the email address that you used to sign up and we'll send you a new password

Close
Forgotten password
Don't have a T3 Account? Join now