Watch CBS News

X-SciTech

Siri lets anyone use a locked iPhone 4S

By Elinor Mills

/ CNET

The voice-activated feature on the new iPhone 4S will let anyone use the phone to send e-mails and text messages and make calls even if it is passcode locked, security firm Sophos revealed today and CNET has confirmed.

Try it. Grab a friend's locked iPhone 4S, press the button and ask Siri to do something. I was able to send a text message, make a call and send an e-mail, all without knowing my friend's passcode. Another colleague confirmed that she could get an address and a phone number out of the phone and even see the calendar.

To be clear, the phone is still locked in the sense that someone can't just grab it and make calls to any phone number by dialing. And users are also unable to launch apps. We also weren't able to send an e-mail to an address that was not in the contact list or find other data for people who weren't already in the contact list.

Podcast: An interview with Siri

To some this might seem like old news. Similar capabilities were available by default with the Voice Control feature, which was introduced with the iPhone 3GS in 2009. But it appears on first glance that Siri allows you to do more with a locked iPhone than Voice Control does.

In a default setting, Siri let's a complete stranger see your calendar on your passcode locked iPhone 4S, as well as get contact information, make a call and send texts and e-mails.
In a default setting, Siri let's a complete stranger see your calendar on your passcode locked iPhone 4S, as well as get contact information, make a call and send texts and e-mails. Sharon Vaknin/CNET

In my limited sampling, iPhone 4S owners seem to be shocked to learn about this default Siri setting, so chances are that many people didn't know about the Voice Control default setting either.

Thankfully, there is an easy fix for this. In the Passcode Lock settings, switch Siri to "Off" (see below). This lets you continue to use the feature once your iPhone is unlocked, but keeps users from accessing these features when security is enabled.

It's pretty surprising that Apple has the default set to be able to use Siri without unlocking the device.

"What's disappointing to me though is that Apple had a clear choice here," Sophos' Graham Cluley writes in a blog post. "They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."

Apple representatives did not immediately respond to e-mails and a phone call seeking comment.

(CNET's Sharon Vaknin and Josh Lowensohn contributed to this report.)

To disable Siri unless the device is unlocked, you turn Siri "Off" in the Passcode Lock settings.
To disable Siri so it can't be used unless the device is unlocked, you turn Siri "Off" in the Passcode Lock settings. Sophos

First published on October 19, 2011 / 2:21 PM EDT

© 2011 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.