Apple's Siri Let's Anyone Use A Locked iPhone 4S

[Hornet]

It's absolutely an oversight and a flaw. Intentional or not, it's fucking broken. If I go and tell me phone to be more secure, and it leaves the front door wide open *by default* that is simple wrong.

Of course none of this is surprising, Apple sucks balls at security. It's not something flashy or marketable or revolutionary, so they don't bother.

Meanwhile Android gets things like full disk encryption. If you want a secure mobile OS, you don't go iOS.

Exactly!

Its a flaw, its an oversight, its a shortcoming, its a mistake, call it what you want, but ultimately, its still an negative thing. An Apple fan can try to brush it aside but its still a bad thing wherever you put it.

I see some argument here assumes that all users out there uses their devices like they do which we know is not true. As long as there's a chance, however small, that other users can be affected, it is a problem.

 

[Spire3660]

This is exactly how it should be implemented, period. There are no if's - if you have a password or code, Siri has to ask for it. If it doesn't, it is a security risk.

All security is a tradeoff between usabilty and security. The only truly secure computer is one that is not plugged in.

 

[oRdchaos]

Does any smart phone come with a pass code lock by default? Not that I'm aware of.

On the same screen you set up the pass code lock, there's a toggle for whether Siri is enabled or not on the lock screen. You don't have to do any additional digging, it's right out in front.

 

[Team Obi Juan]

Does any smart phone come with a pass code lock by default? Not that I'm aware of.

On the same screen you set up the pass code lock, there's a toggle for whether Siri is enabled or not on the lock screen. You don't have to do any additional digging, it's right out in front.

How dare you post with first-hand knowledge of the phone.

 

[Daggah]

All security is a tradeoff between usabilty and security. The only truly secure computer is one that is not plugged in.

Security risks are something that should be managed. They can rarely be eliminated but you should reduce the risk to manageable levels wherever possible. It certainly sounds like Apple failed to do this...and I'm quite certain that most of the people defending them in this thread would be screaming bloody murder if the flaw was on Android instead of iOS.

 

[TwistedAegis]

Security risks are something that should be managed. They can rarely be eliminated but you should reduce the risk to manageable levels wherever possible. It certainly sounds like Apple failed to do this...and I'm quite certain that most of the people defending them in this thread would be screaming bloody murder if the flaw was on Android instead of iOS.

On this forum? Seriously? If Android allowed you to do this, [H]'ers would be all over how the open environment allows you to tweak the settings however you like, and if Apple had forced Siri behind a screen lock, it would be "ZOMG Apple is locked down, can't do what I want with it, teh fail!"

 

[Team Obi Juan]

The button still has to be pressed. You cannot just bark orders at someone's phone and hope to embarrass them. This problem is nothing a right cross can't solve. I suggest not sitting your phone just anywhere if this is a problem for you.

I think not having to unlock the phone is badass. Hopefully you can make calls by doing this as well.

 

[Daggah]

On this forum? Seriously? If Android allowed you to do this, [H]'ers would be all over how the open environment allows you to tweak the settings however you like, and if Apple had forced Siri behind a screen lock, it would be "ZOMG Apple is locked down, can't do what I want with it, teh fail!"

That's a big negative. The assumption pretty much is, if you set a passcode lock on your phone, then it's useless unless you unlock it aside from emergency dialing.

 

[Daggah]

The button still has to be pressed. You cannot just bark orders at someone's phone and hope to embarrass them. This problem is nothing a right cross can't solve. I suggest not sitting your phone just anywhere if this is a problem for you.

I think not having to unlock the phone is badass. Hopefully you can make calls by doing this as well.

And here come the "oh you're just using it wrong" comments from the Apple fanboys.

 

[TwistedAegis]

Does any smart phone come with a pass code lock by default? Not that I'm aware of.

On the same screen you set up the pass code lock, there's a toggle for whether Siri is enabled or not on the lock screen. You don't have to do any additional digging, it's right out in front.

That's a big negative. The assumption pretty much is, if you set a passcode lock on your phone, then it's useless unless you unlock it aside from emergency dialing.

Honestly, after reading oRdchaos' post, I don't really see how there can be any argument. It's up to the user to decide, and it's clearly presented at the same time as setting up your pass code.

 

[Team Obi Juan]

And here come the "oh you're just using it wrong" comments from the Apple fanboys.

Does your android phone default to screen password locks?

 

[Daggah]

Does your android phone default to screen password locks?

When I configure it to be locked, it's locked. When you configure an iPhone 4S to be locked, it isn't necessarily locked. That's all that matters. That is the point that you have no answer for.

 

[Shadowe]

When I configure it to be locked, it's locked. When you configure an iPhone 4S to be locked, it isn't necessarily locked. That's all that matters. That is the point that you have no answer for.

Oh no, you can send a text, or email, or mess with someone's calendar appointments! It's not like you can pull up their bank account numbers and transfer all of their money out...

Then again, if you only read half the comments here you'd think that is whats happening.

If someone's dumb enough to leave their phone lying around when it has all of this important info in it, that's their own fault. You shouldn't be blaming developers for an end user's stupidity. That's like blaming the landlord for the renters leaving the door wide open and unlocked and getting their stuff stolen.

 

[oRdchaos]

When you configure an iPhone 4S to be locked, it asks you on the same screen whether or not you want to keep Siri enabled on the lock screen.

This isn't buried in an Android settings menu where you have to scroll forever to find what you're looking for.

I can provide a screen shot if it's difficult to envision.

 

[Ranma_Sao]

This is a not secure by design feature. Thus it should be fixed. I demonstrated it to someone with their brand new iPhone 4S and they were horrified.

Secure by default is a Microsoft mantra these days, and yes you will find exceptions, but part of being secure and defense in depth is making sure the user doesn't have to toggle settings to be secure.

Secure by default, and defense in depth, anything else is asking for trouble.

Yes, I'm biased.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Team Obi Juan]

This is a not secure by design feature. Thus it should be fixed. I demonstrated it to someone with their brand new iPhone 4S and they were horrified.

Secure by default is a Microsoft mantra these days, and yes you will find exceptions, but part of being secure and defense in depth is making sure the user doesn't have to toggle settings to be secure.

Secure by default, and defense in depth, anything else is asking for trouble.

Yes, I'm biased.

This posting is provided "AS IS" with no warranties, and confers no rights.

Read:

When you configure an iPhone 4S to be locked, it asks you on the same screen whether or not you want to keep Siri enabled on the lock screen.

This isn't buried in an Android settings menu where you have to scroll forever to find what you're looking for.

I can provide a screen shot if it's difficult to envision.

 

[faugusztin]

Read:

Understand - Siri should work only if you say the code as well, even if enabled with lockscreen with security code se4t.

 

[Team Obi Juan]

Understand - Siri should work only if you say the code as well, even if enabled with lockscreen with security code se4t.

I disagree - it should be up to the user. And when you set it up, you have that option.

 

[dr.stevil]

Wait, this thread is not going as planned. Will someone please bash Steve Jobs?

lol

 

[faugusztin]

I disagree - it should be up to the user. And when you set it up, you have that option.

No, the option i described is not present. The options when you have the lockcode set are :
- Siri Off - no Siri
- Siri On - lockcode ignored for some functions.

 

[jonnejon]

Fail by Apple. Lol

 

[Team Obi Juan]

No, the option i described is not present. The options when you have the lockcode set are :
- Siri Off - no Siri
- Siri On - lockcode ignored for some functions.

You are wrong.

 

[Team Obi Juan]

You are wrong.

N/M, I think I understand you now.

You want:

1) No siri with it locked
2) Some siri with it locked
3) Some siri with it locked but have to say the password


Well, maybe. I think option 3 sucks, though.

 

[LonerVamp]

When you want your phone locked, you don't want to have to also click other lock buttons to make it *really* locked. You just want it locked. It doesn't matter if that option is on the same screen or elsewhere. It should pop up and force an "opt in" or "opt out" decision.

That Siri button should automatically switch to Off when you set Lock On. That's completely reasonable.

It is beyond amusing and into the realm of "denial" that Apple fanboys over the years will wiggle and weasel and argue or just insult in order to defend their purchase. Not surprised at all the number of first page responses under the category of "feature" and "you're using it wrong."

Unless publicly pressured and embarassed, Apple (and by that same token many of its developers and users) does *not* think about security. At all.