Apple refused to unlock the San Bernardino shooter’s iPhone for the FBI, but the Bureau might be interested to learn that there’s some seriously sensitive information that can be accessed on an iPhone without even having to unlock it. In fact, you may be shocked to learn what anyone and everyone has access to on your iPhone without knowing your PIN or passcode.
There’s some good news to be had as well, though: Switching one simple setting will plug up this potentially serious flaw and ensure that your data is safe and secure.
Apple’s virtual personal assistant Siri has had a rocky road since it was first launched as a large-scale public beta in 2011. Very, very rocky. Some serious early issues and severely limited utility turned a lot of people off of Siri, and it would be years before some people were willing to give it another shot. As was the case with Apple Maps, which also got off to a rough start, Siri improved dramatically over time and is now a fantastic tool at the disposal of every iPhone and iPad user.
Unfortunately though, Siri also brings some security issues along with it if you’re not careful.
We’ve noted a few times in the past that by using Siri while an iPhone is locked, anyone is able to access personal, private data that should be guarded under lock and key. For example, a sneaky Siri trick discovered last fall allowed anyone to see your photos and contacts without entering your PIN or password.
Apple hasn’t publicly addressed any of these Siri issues, but it has actually fixed a bunch of them quietly behind the scenes in various iOS updates. In other words, Apple knows that these issues are indeed problems even if it’s not willing to say anything. Well, now there’s another potentially big issue that Apple won’t acknowledge, but we certainly hope it’s fixed soon — perhaps with the rest of the bugs currently plaguing iPhone and iPad users.
First discovered by Spanish Apple blog Seguridad Apple, which has also been the first to reveal a number of similar issues, there’s a problem with Siri that allows anyone with physical access to an iPhone to view, add, modify or even delete calendar events and reminders on an iPhone or iPad. Calendars and reminders often hold information that people want to keep private, so this will be a major concern for some people.
The issue exists in all recent versions of iOS and it’s explained in the video below. Note that the video is in Spanish but you can still see the issue in action.
The good news is that there’s an easy way to prevent people from taking advantage of this oversight. But the bad news is that it’s an all or nothing solution: you have to disable Siri on your lock screen. Open the Settings app and scroll to Touch ID & Passcode. Under “Allow access when locked,” toggle Siri to off.