iPhone Users: Siri May Be Giving Your Personal Information Away Freely
iPhone Users: Siri May Be Giving Your Personal Information Away Freely
Most iPhone users are familiar with Siri, the bumbling and somewhat effective digital personal assistant included with iOS operating systems. For times when you need to set an alarm or make a hands-free phone call, Siri can be wonderful.
Unfortunately, many users may not be aware of how much personal information your friendly digital assistant will give out when asked.
Exploiting Siri’s Good Nature
This exploit plays on Siri’s want to have your phone returned to you if it’s ever lost. Apple definitely wants lost or stolen phones to be returned and has introduced a number of features to help recover them.
Before we get into the security risk in question, there’s a few other features I’d like to mention that can really help you out if you lose your iPhone. Find My iPhone is a fantastic feature that allows a you to lock down a lost or stolen phone, or even display a message on it to the person that may be in possession of your phone.
As great as the Find My iPhone feature is, there’s a hidden setting that can give out more personal information than you may want to in the event your phone is misplaced or stolen. That’s the contact information that Siri can summon from the lock screen by someone simply asking Siri who’s phone this is.
For those of you that have access to Siri on your Lock Screen enabled, holding the home button down and asking Siri “Who’s iPhone is this?” prompts Siri to display the contact card you’ve selected as “You” on your phone.
Rather than just providing basic information to return the device, Siri displays the entire contact card, including all phone numbers, addresses, emails, websites, birthday and family members you may have stored there. I was a little shocked to discover that Siri would share this amount of information with someone without having the phone unlocked.
This means that someone could potentially grab your phone in public and ask Siri this question to access your personal information. Apart from them gaining information about where you live, consider the potential for identity theft with things like your full name, birthday and family members.
How to Stop It
The best method to prevent this exploit is disabling Siri from the lock screen. There are a number of things that Siri can do from the lock screen that create a privacy concern. This includes sending text messages, providing calendar data/appointments and even making phone calls; all without unlocking the phone. You can disable access to Siri on the lock screen from the Touch ID & Passcode menu in your settings.
For those that just can’t do without Siri on the lock screen, consider creating a new contact card in your phone that contains only the information you want visible and then assigning that contact card as “You.” Keep in mind that apps that rely on the contact card for your Home and Work addresses, or other information, won’t function properly using this option.
If you do choose to disable access completely, ensure that you create a Medical ID from the “You” contact in your phone, so someone is able to reach you in case you lose your phone. The Medical ID option is great because it allows you to specify what information is provided from the lock screen. While not having access to Siri from the lock screen might be a bit of an inconvenience, the increased security gained seems far worth it.
What are your thoughts? Do you have any other important iPhone security tips?
Discussion