A story picked up from ACBCases ran on BusinessInsider reporting a serious security flaw in iOS 7 that allowed anyone to bypass the passcode and use Siri to make calls, update Facebook/Twitter statuses and even send messages.
Although this doesn’t appear to be a flaw that works on every device, you might want to disable Siri on the lockscreen so that no one can access anything via Siri without entering the passcode (or authenticating via Touch ID).
By default, Siri is accessible from the lockscreen. This means that even without entering a passcode, anyone can long-press the home button and Siri will spring up. However, in iOS 6 and iOS 7, Siri has limited functionality while the screen is still locked: you can’t make calls, send messages, access apps, change settings or do most of what Siri usually does.
With the recent upgrade, it looks like that wall of limitation was broken down, at least for some users. On an iPhone 5 tested by Aaron (of ACBCases), it was possible to make a call, post Facebook/Twitter statuses and send texts without unlocking the screen with a passcode.
To disable Siri on the lockscreen:
- Go to Settings
- Tap on General
- Tap on Passcode (if you are using an iPhone 5s, it should be Passcode & Fingerprint)
- In the section that reads ALLOW ACCESS WHEN LOCKED, turn off the switch for Siri.
With this, Siri won’t turn on when someone long-presses the home button on the lockscreen. With Siri switched off on the lockscreen, the potential security risk is negated.
The commentary on this isn’t very interesting. According to user comments, the flaw is not present on all devices. Siri blocks out most functions when there’s a passcode lock, and this is the experience we’ve had with our devices.
This is not the only security concern on iOS 7 though. There are more.