Interrogating Siri - iOS Lock Screen Defeated

  • 2 October 2013
  • 14 replies
  • 136 views

Userlevel 7
  • Retired Webrooter
  • 1581 replies
It seems that all the fancy lockscreens in the world still won't protect iOS users from poor, vulnerable Siri.  Shockingly, if a thief steals your iOS device, he's not just getting the device - he's also effectively getting a hostage.  And what do you do with a hostage?  Well, why not interrogate her?  If the thief can't get into the device, maybe the hostage will divulge some useful information without any need to get past the lock screen.  Although Siri is locked down from voice-mail or email access without unlocking the device, there are plenty of other things a malicious user could have her do and plenty of personal information that can be pried out of her.
 
 


image: patch.com
 
Richard[/b] was able to have Siri call his mom, from the lock screen, by just saying, "Siri, call mom."  But, it could have been anyone who picked up his phone calling Richard's mom instead.
 
As Ken Westin notes, what you need to do is disable Siri from the lock screen.
The setting for this is General > Passcode Lock (Allow Access When Locked).
Amazingly, this setting is enabled by default, with seemingly no regard to the user's security.  We recommend disabling this setting immediately.
 
Though none of the questions or commands listed here are things you'd want to let just anybody do with your iOS device, "Give me directions home" strikes me as particularly scary.  If a stalker wants to find out where you live, he needs only to gain access to your unattended iOS device and ask Siri.  The moral of the story is, if you're an iOS user with Siri enabled, be sure to disable her on the lock screen!

14 replies

Userlevel 6
Remember people, check your settings. I have already fixed it on my phone.
Userlevel 7
Many Thanks Jim for the article. It's very interesting read.
 
As for myself I have disabled Siri on my 4S completely because Siri doesn't support my native language and she is hmmm ... how to say politely ... she is quite confused from my english pronouncements. :D So I made her life easier and disabled her. :D
Great article and points. The problem is the solution doesn't apply to my iPhone 5S (iOS 7). Does anybody know how to disable Siri in iOS7? It seems this option is unavailable after most recent update (7.0.3).
Can I assume this does not apply to Android OS ?
Userlevel 7
Hello whaler54 and welcome to the Webroot Community!
 
Yes, you assume correctly.  This bug will NOT affect Android OS.  Siri is a part of Apple's iOS mobile operating system and is not found in Google's Android OS.  
 
@ 
Hi,
Thank you for this helpful article. I tried interrogating Siri and it worked just like you said it would.
She called my mom with the lock screen on.
So I went in and disabled her in the lock screen mode.
I also shared this link with my friends who have iPhones.
 
Priceless!
Thanks again.
Userlevel 7
Hello Latvia123 and welcome to the Webroot Community!
 
Glad you found this interesting!  Stick around as this is a great place to learn not just about Webroot, but about a lot of other tech/security related items as well!
Userlevel 5
@ wrote:
Does anybody know how to disable Siri in iOS7?
To disable Siri completely in iOS 7, go to Settings > General > Siri. When you're there, you can toggle Siri on or off.
 
Hope that helps.
For iOS 7 it's actually:
• Settings
• General
• Touch Id/Pass code
• Allow access when locked (Siri off)
Userlevel 5
@ wrote:
For iOS 7 it's actually:
• Settings
• General
• Touch Id/Pass code
• Allow access when locked (Siri off)
The TouchID part only appears if you have the iPhone 5S. It doesn't show in 5C.
 
Those settings you describe only turn Siri off from the lock screen, which is what this thread is about, and already described. I thought you wanted to know how to switch Siri off completely, and that's why I gave the answer I did.
Thanks Jim: Better late than never! just deactivated SIRI on locked screen!! many thanks!
I also thought is was a good idea to disallow Passbook access when locked also! have the 4S General-Passcode lock-and turned off Siri and Passbook under "Allow access when locked"
Userlevel 6
Make sure you have a longer than average passcode as well. 4 digits are fairly easy to crack with smudges on the screen, but 6 make it far more difficult.
Userlevel 7
Yes, to crack 6 digits will last 30 seconds longer than 4 digits. All passwords can be cracked. It is just question of right tool.

Reply