> -----Original Message----- > From: real-eyes-bounce@xxxxxxxxxxxxx [mailto:real-eyes-bounce@xxxxxxxxxxxxx] > On Behalf Of Steve Clark > Sent: Wednesday, October 19, 2011 7:09 PM > To: nut@xxxxxxxxxxxxx; real-eyes@xxxxxxxxxxxxx > Subject: [real-eyes] Has Siri left your iPhone 4S unlocked? > > Please visit my blog > https://blindbites.wordpress.com/ > Follow me on twitter > https://twitter.com/#!/blindbites > > > The following is from: > http://nakedsecurity.sophos.com/2011/10/19/siri-iphone-4s-unlocked/?utm_sour > ce=twitter&utm_medium=gcluley&utm_campaign=naked%2Bsecurity > > Has Siri left your iPhone 4S unlocked? > by > Graham Cluley > on October 19, 2011 | > Apple's new "Siri" feature, the voice-activated personal assistant built > into the iPhone 4S, leaves owners' spanking new smartphones partially > unguarded. > Those of us who work in the security arena have often banged on about the > importance of securing your smartphone > with a password or passcode to prevent unauthorised access. > Most mobile phone manufacturers have recognised that as so many people use > their smartphones to manage their their diaries, their private > communications, and their social lives, it's good to have some form of > security. > Which leaves Apple with some egg on its face regarding Siri. > Even if an iPhone 4S is locked with a passcode, a complete stranger can come > up to your smartphone, press the button and give Siri a spoken command. > I borrowed a passcode-locked iPhone 4S from a colleague here at Sophos and, > with his permission, was able to write an email, and send a text message. If > I had wanted to I could have meddled with his calendar appointments too. > iPhone 4S > All without having to enter the passcode. I'm sure you can imagine some of > the ways this could potentially be abused. > iPhone 4S settings > Fortunately there's an easy way for security-conscious users to disable Siri > when their phone is locked. > Enter "Settings/General/Passcode Lock" on your iPhone 4S, and make sure that > the "Siri" option is set to "Off". > That way Siri cannot be used when the smartphone is locked with a passcode. > Which seems the sensible option to me in most circumstances. > (In the case of the colleague's iPhone 4S that I borrowed, I might also > suggest that he switch from having a "simple" numeric passcode to a more > complex version too). > What's disappointing to me though is that Apple had a clear choice here. > They could have chosen to implement Siri securely, but instead they decided > to default to a mode which is more about impressing your buddies than > securing your calendar and email system. > It's not as though Siri impressed me enormously anyway during my brief play > with it. 30% of the time it misinterpreted what I was trying to say. > > -- > To subscribe or to leave the list, or to set other subscription options, go > to www.freelists.org/list/real-eyes > > > > __________ NOD32 6558 (20111019) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > -- Jonnie Appleseed with his Hands-On Technolog(eye)s reducing technology's disabilities one byte at a time ************ You are subscribed to the mac4theblind mailing list. The url for this list, where one can unsubscribe or make any changes to their list subscription is: //www.freelists.org/list/mac4theblind The list archive is located at //www.freelists.org/archive/mac4theblind/ All emails intended for the list owner can be sent to: john@xxxxxxxxxxxxxxxxxx