Unfortunately, many users may not be aware of how much personal information your friendly digital assistant will give out when asked.
Exploiting Siri’s Good Nature
This exploit plays on Siri’s want to have your phone returned to you if it’s ever lost. Apple definitely wants lost or stolen phones to be returned and has introduced a number of features to help recover them.Before we get into the security risk in question, there’s a few other features I’d like to mention that can really help you out if you lose your iPhone. Find My iPhone is a fantastic feature that allows a you to lock down a lost or stolen phone, or even display a message on it to the person that may be in possession of your phone.
As great as the Find My iPhone feature is, there’s a hidden setting that can give out more personal information than you may want to in the event your phone is misplaced or stolen. That’s the contact information that Siri can summon from the lock screen by someone simply asking Siri who’s phone this is.
Rather than just providing basic information to return the device, Siri displays the entire contact card, including all phone numbers, addresses, emails, websites, birthday and family members you may have stored there. I was a little shocked to discover that Siri would share this amount of information with someone without having the phone unlocked.
This means that someone could potentially grab your phone in public and ask Siri this question to access your personal information. Apart from them gaining information about where you live, consider the potential for identity theft with things like your full name, birthday and family members.
How to Stop It
For those that just can’t do without Siri on the lock screen, consider creating a new contact card in your phone that contains only the information you want visible and then assigning that contact card as “You.” Keep in mind that apps that rely on the contact card for your Home and Work addresses, or other information, won’t function properly using this option.
If you do choose to disable access completely, ensure that you create a Medical ID from the “You” contact in your phone, so someone is able to reach you in case you lose your phone. The Medical ID option is great because it allows you to specify what information is provided from the lock screen. While not having access to Siri from the lock screen might be a bit of an inconvenience, the increased security gained seems far worth it.
Comments
Post a Comment