Digital assistants such as Siri are billed as great time-savers, and there’s no denying that Apple’s voice-activated feature can be a real help. But security experts at Trend Micro warn that it also poses a serious privacy risk for iPhone owners.
Even if your iPhone is protected with a PIN or passcode, it could still be possible for someone else to use Siri to learn personal information about not just you, but your relations and other contacts, as well as details about your schedule. Described by Trend Micro as a ‘flaw’, Siri actually acts as a backdoor that enables anyone with physical access to your phone to bypass security features.
The problem arises for people who have Siri enabled on the lock screen. Voice control can be used to garner all sorts of data from your phone, and even perform functions such as placing calls, sending texts, and posting social network status updates. While it is not a new problem — it is something that has been raised on Apple’s support forums several times — Trend Micro is keen to bring the issue to the attention of as many people as possible so they might take steps to protect their data.
Leave your phone unattended and anyone is able to use Siri to check what appointments you have on a given day. They can learn your email address just by asking, and create or delete alarms. Writing on the TrendLabs Security Intelligence blog, Trend Micro says:
Ideally for the mobile device owners, voice commands could be used by law enforcement or first responders to locate the identity of an injured person and even contact a family member, using a command such as, “Call mom”. However, these commands could also be used by a malicious individual to cause harm in a friendship or relationship by a posting a Facebook status such as “now single and not looking” or “Text boyfriend…”.
Even non-iOS users may be at risk. Tens of millions of iOS mobile devices have been sold around the world. A large portion of the world’s population has at least a friend, family member, or colleague that does own an iOS mobile device with Siri enabled. As such, their contact details can be accessed on a locked screen, also putting their privacy at risk.
So what can you do to protect your data? Trend Micro’s advice is simple: disable Siri on the lock screen. It advises what Apple also shares, telling users that they can help protect themselves by heading to Settings > Touch ID & Passcode > Siri and disabling Siri.
Photo credit: Twin Design / Shutterstock