Apple’s Siri Could Rat Out Your iOS Device To Hackers And Cybercriminals

Let me start by saying that Siri and I have a solid relationship. If I need directions to a place I've never been before or a reminder set, she dutifully obliges every single time. I like that. But if Siri turns on me and starts sharing my personal info without my permission, as a major security firm says is possible, we're going to have problems.

Trend Micro, makers of self-named antivirus solutions, points to a flaw in Siri's software that takes only seconds to exploit. In doing so, anyone can tap into a Siri-enabled iOS device and get access to the owner's full name, email, phone number, and a photo of that person, regardless of whether the device is locked. And that's just the tip of the iceberg.

Apple iPhone Siri

"A potential opening for abuse in Siri-equipped iOS mobile devices allows anyone to use voice recognition to access data on a device, even with a passcode," Trend Micro explains. "Ideally, a passcode should prevent unauthorized access to any information stored on a mobile device, much like a password does on a computer. A locked device should not disclose the owner’s identity and contact information, as well those of the owner’s friends, family, and contacts. Siri bypasses this and provides detailed information and other functions on a locked mobile device."

There's a lengthy list of commands that work on a locked iPhone. Someone who's up to no good could snag your iPhone when you're not paying attention and use Siri to post Facebook updates, send text messages, enable or disable alarms, add or remove reminders, show full contact details from Contacts, and more.

To be fair, there are scenarios where this kind of access can come in handy. Maybe you lost your phone and it was turned in to the local police. They could look up your info through Siri. Unfortunately, that kind of protection comes at a heavy privacy risk.

There's a simple solution in place -- just disable Siri on the lock screen, which you can do by accessing Touch ID & Passcode > Siri. But an even better solution -- one that doesn't exist within Siri yet -- would be if Apple introduced vocal identity so that only you (and perhaps anyone else you authorize and train through Siri) can use voice recognition.

In the meantime, take caution when lending out your iOS device or leaving it unattended.

Via:  Trend Micro
Show comments blog comments powered by Disqus