Siri may be exposing you

hsoi blog, talk Leave a Comment

I love Siri, Apple’s “digital assistant” in my iPhone. Typing on an iPhone or iPad, to me, is cumbersome. Being able to use voice dictation or Siri greatly facilitates things for me – especially when using my Apple Watch. And of course, isn’t intelligent voice command what science fiction always promised? 🙂

One thing I didn’t know about Siri was the command “Who’s iPhone is this?”

Unfortunately I learned about it via ITS Tactical’s article: iPhone Users: Siri May Be Giving Your personal Information Away Freely.

Rather than just providing basic information to return the device, Siri displays the entire contact card, including all phone numbers, addresses, emails, websites, birthday and family members you may have stored there. I was a little shocked to discover that Siri would share this amount of information with someone without having the phone unlocked.

This means that someone could potentially grab your phone in public and ask Siri this question to access your personal information. Apart from them gaining information about where you live, consider the potential for identity theft with things like your full name, birthday and family members.

Of course, Apple (and Siri) are trying to be helpful, especially towards helping reunite lost iPhones with their owners.

Alas, it’s a little too helpful.

I keep a full Contact card for myself because a great many systems rely upon knowing information about “me” to function optimally (and it facilitates my life and workflow). But of course, if someone found my phone, they do NOT need to know all of this information about me!

ITS provides a reasonable workaround for now (using the Medical ID, disabling access to things from the Lock Screen), but truly this is something Apple should work to remedy. To that end, I just filed a bug with Apple, rdar://problem/22168985

Thanx to the folks at ITS Tactical for this information!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.