If you're lucky enough to have landed a new iPhone 4S, then chances are you have been playing around with the new Siri virtual assistant. You've probably been asking it all sorts of important questions like "What's the meaning of life?", or "why do my Shi Tzu dogs keep treating the cat's litter box like it's an all you can eat buffet?"
As Siri's knowledge and user base grows, there may be potential security issues. I don't think that Siri is going turn into Skynet from the Terminator movies or anything, but there are likely hackers out there who are already working on how to hack Siri and exploit any newly discovered Siri-related vulnerabilities they find.
Fortunately the hackers don't have to work very hard because it appears that there is already a potential Siri-reared security risk that is present on your iPhone 4S with it's out-of-the-box default configuration settings.
Apple has decided that users would prefer quick access over device security for the Siri feature which is why that it's default settings have been set to allow Siri to bypass the passcode lock. This makes sense for Apple as they are all about creating a great user experience. Unfortunately, allowing the Siri feature to bypass the passcode lock has the consequence of providing a thief or hacker with the ability to make phone calls, send texts, send e-mails, and access other personal information without having to enter the security code first.
There is always a balance that must be struck between security and usability. Users and software developers must make the choice on how much perceived security feature-related inconvenience they are willing to endure to keep their devices safe versus how quickly and easily they want to be able to use them.
Some people use a iPhone lock screen with a simple 4-digit code while some opt for a more complex iPhone passcode. Other people have no passcode at all because they want instant access to their phone. It's a user choice based on individual risk tolerance.
To block Siri from being able to bypass the screen lock passcode perform the following:
1. Tap on the "Settings" icon from the home screen (Grey icon with gears in it)
2. From the "Settings" menu, tap the "General" option.
3. Choose the "Passcode lock" option in the "General" menu.
4. Turn the "Allow access to Siri when locked with a passcode" option to the "OFF" position.
5. Close the "Settings" menu.
Again, whether you prefer instant access to Siri without the need to have to look at the screen to enter a passcode is completely up to you. In some cases, while you're in the car for instance, driving safetly would trump data security. So if you use your iPhone in hands-free mode a lot, then you would probably want to keep the default option, allowing the Siri passcode bypass.
As the Siri feature becomes further advanced and the amount of data sources she is tapped into increases, the data security risk for the screen lock bypass may also increase. For example, if developers tie Siri into their apps in the future, Siri could unwittingly provide a hacker with your financial information if a Siri-enabled banking app is running and logged in via cached credentials and a hacker asks Siri the right questions.
Brace yourselves folks, as this technology improves and becomes more widespread, a whole new category of virtual assistant social engineering hacks and attacks will be born.