Siri's Security Hole: The Passcode Is the Problem

20.10.2011
Siri, the virtual assistant built into the Apple's iPhone 4S, has a security problem: By default, anyone can use Siri to send e-mails or text messages from a locked phone, without having to enter a passcode first.

Macworld contributor Scott McNulty last week. In addition to sending texts or e-mails, can also schedule calendar appointments from the lock screen, passcode-free. To prevent any use of Siri while the phone is locked, users must turn off Siri access under Settings > General > Passcode lock.

Apple messed up by making Siri available from the lock screen by default. Although the issue is fixable, users who don't follow tech blogs and haven't played around much with voice commands may not even realize what Siri can do from a password-protected screen. The default setting should prevent any use of Siri while the phone is locked.

But whether Siri is available or unavailable from the lock screen by default, requiring a passcode to access the virtual assistant introduces a dilemma.

The point of making Siri available on the lock screen is to allow fast, eyes-off access to useful features. Say you're driving, or walking down the street, and want to fire off a quick message without taking your eyes off the road. Being able to access Siri without fumbling to enter a passcode--or even without taking the phone out of your pocket when connected to a Bluetooth headset or car speaker--would really come in handy.