Siri security flaw uncovered

Siri's default mode could caused problems for those who leave their iPhone laying around

The default setting for Apple's new Siri personal assistant app for iPhone 4S allows much of the handset's functionality to be used even when the phone is locked.

The security worry means that anyone can pick up your iPhone and dictate texts, emails, make calls and have Siri list calendar appointments, while the 4S is passcode locked.

Siri - the little harlot - will also tell anyone details and addresses from your contacts book, but it can't open apps without unlocking the phone.

Dirty default

It's easy enough to atone for Siri's promiscuous behavior though, as you can turn her off in the Passcode Lock settings menu, but many users may not even realise that this is an issue.

Voice Control on previous iPhone models also allowed limited actions with the device in lock mode, but the sheer range of functionality on offer here is quite worrying.

Although it's easy to switch Siri off with the phone locked, it's somewhat surprising that Apple chose this as the default mode.

Graham Cluley of security giant Sophos blogged: "What's disappointing to me though is that Apple had a clear choice here.

"They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."


Chris Smith

A technology journalist, writer and videographer of many magazines and websites including T3, Gadget Magazine and He specializes in applications for smartphones, tablets and handheld devices, with bylines also at The Guardian, WIRED, Trusted Reviews and Wareable. Chris is also the podcast host for The Liverpool Way. As well as tech and football, Chris is a pop-punk fan and enjoys the art of wrasslin'.