iPhone 4s users are being warned that the new “Siri” personal assistant feature can bypass the phone’s locking feature, allowing an unauthenticated user to send a text, make a call or calendar appointment without first unlocking the device.
Researcher Eric Fulton has written about the security loophole, which allows Siri to continue receiving commands even when the phone is locked in a blog post. Concerned users should make sure to disable the Siri feature when the phone is locked, using an option under the “Passcode Lock” section of the iPhone’s general settings.
While the fix for the Siri loophole is a relatively easy fix, it is of some concern that it wasn’t a factory-set default in the first place. The security loophole is getting some notice in Apple’s support forums this week, following the release of the iPhone 4S last Friday.
Security researchers said that new convenience features in the 4s and pending iPhone 5 release were sure to present hackers and penetration testers with opportunities to bypass the device’s security. Among them, a feature that allows users to access the camera function while the phone is still locked could prove to be vulnerable to attack, in addition to the voice activation features contained in Siri.
E-mails to Apple regarding this particular privacy implication of Siri were not immediately returned on Tuesday.