iOS 5 – Siri Authentication Bypass

Unauthenticated users of the new iPhone 4S can perform actions without entering the lock code via the new Siri function.

The bypass is performed by holding the home button for 2 seconds and speaking a command. All of Siri’s functions (making a call, sending a text, making a calendar appointment, etc.) are available, even when an iPhone is locked with a passcode.

Typically, someone who sets a passcode lock on their iPhone assumes that they are the only one with the unlock code, and that they can leave the phone unattended (e.g. in offices, homes, in the girlfriend’s car, etc.) and expect it not to be tampered with. With Siri enabled, the unlock code is useless, as any individual can use Siri commands even when the phone is locked.

A terrifying example would be the following. A girl goes to dinner with her friend’s ex-boyfriend. They are still friends, but the guy is a little crazy over his ex, and his ex-girlfriend wants nothing to do with him. During dinner, the friend leaves her *locked* iPhone 4S on the table while she goes to the bathroom. The crazy ex-bf takes her phone, sees the lock screen, and proceeds to hold the home button down for two seconds, summoning Siri. He asks, ‘Where is [name of girlfriend]’. Siri willingly pulls up her location from the ‘find friends’ app, showing her exact location, which, to add drama, is the guy’s best friend’s house. I’ll leave the rest of the story to the imagination.

–Triskt

*update* 10/18/11 03:16:00 AM
Wow, it seems like I’m late to the iPhone party. Please see MacWorld article…
http://www.macworld.com/article/163055/2011/10/how_to_prevent_siri_access_while_your_iphone_4s_is_locked.html

And a relevant discussion on Reddit…
http://www.reddit.com/r/netsec/comments/lg19g/ios_5_siri_authentication_bypass/

10 responses to “iOS 5 – Siri Authentication Bypass”

  1. Alex

    does “siri, unlock my iphone” work? :D

  2. Frank

    Actually, this is not entirely true. There are some functions that will not work.
    If you ask Siri to read your text, it will say that it cannot do that while your phone is locked, and will ask you to enter your passcode. This also applies if you ask Siri to search the web.

    1. Andy

      Agree with Frank, the functions that ARE accessible are not ‘harmful’ ones, though I agree there probably should be a ‘Disallow Siri when locked’ option. However there really isn’t much to worry about and without sounding like an ass, proper research should be done when writing up articles like this.

      1. Steve

        Yeah, an option in Apple software. That’s a good one!

  3. Albert

    Nice example haha.

  4. sparkyfarky

    oh yeh!!

    I confirm it does work…. I can even call everyone in my contacts

  5. Bosplaya

    False, I was unable to recreate after disabling Siri when the phone is locked with a passcode in the passcode settings.
    Nice try google

  6. Mark

    Siri, how do I install VLingo,

    http://www.vlingo.com/

    or this:

    http://teck.in/iphone-4s-siri-altern…assistant.html

    or this:

    http://techcrunch.com/2011/10/17/iri…i-for-android/

  7. Art Samaniego

    Actually you can disable access to Siri when the iPhone 4S is locked with a passcode by going to Settings –> General –> Passcode Lock

  8. Carlos

    Did see that there is an option to turn it off, though I believe the default is open. Defaults are powerful.

    Siri Passcode Lock
    Siri can allow you to interact with your device without needing to unlock your phone. If you have enabled a passcode on your device and would like to prevent Siri from being used from the lock screen you can:
    1. Tap Settings > General > Passcode Lock
    2. Slide the Siri option to “off”
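
The point about defaults in the last comment matters most on managed devices, where the Siri lock-screen switch is set by a configuration profile rather than by hand. As an added example (not part of the original post or its comments), this Python audit checks an unsigned configuration profile for that setting; it assumes Apple's Restrictions payload keys `allowAssistant` and `allowAssistantWhileLocked` and the Passcode payload key `forcePIN`, and the sample profiles and identifiers are constructed.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"            # Restrictions payload
PASSCODE = "com.apple.mobiledevice.passwordpolicy"      # Passcode payload

def audit_profile(profile_bytes):
    """Return lock-screen findings for one unsigned .mobileconfig (a plist)."""
    profile = plistlib.loads(profile_bytes)
    siri_on = siri_when_locked = True   # both keys default to true when absent
    force_pin = False
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == RESTRICTIONS:
            # Any payload that switches a feature off counts as off.
            siri_on = siri_on and payload.get("allowAssistant", True)
            siri_when_locked = siri_when_locked and payload.get(
                "allowAssistantWhileLocked", True)
        elif ptype == PASSCODE:
            force_pin = force_pin or payload.get("forcePIN", False)
    findings = []
    if not force_pin:
        findings.append("passcode not enforced by profile")
    if siri_on and siri_when_locked:
        findings.append("Siri reachable from the lock screen")
    return findings

def make_profile(*payloads):
    """Build a constructed sample profile; the identifier is a placeholder."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.sample",
        "PayloadContent": list(payloads),
    })

# Constructed samples: passcode forced but Siri left at its default, then hardened.
WEAK = make_profile({"PayloadType": PASSCODE, "forcePIN": True})
HARDENED = make_profile(
    {"PayloadType": PASSCODE, "forcePIN": True},
    {"PayloadType": RESTRICTIONS, "allowAssistantWhileLocked": False},
)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob) or "ok")
```

The weak sample shows the case the post describes: a passcode is enforced, yet Siri stays reachable because the lock-screen key was never set.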
