Apple received criticism this week as iPhone 4S customers realized that Siri - the wise-cracking voice-controlled personal assistant - has been leaving the keys in the door. The feature, whose hands-free element has been a selling point for drivers, is programmed to respond to commands even when the phone is locked with a passcode. While handy if the user isn't in a position to enter the code manually, it overrides the only security feature that prevents someone from, say, using your phone to email an approximation of the lyrics to Justin Bieber's Baby to your ex.
Awkward social missteps aside, the security-overriding measure could allow anyone who picks up your phone to see your upcoming calendar appointments and send emails and texts to anyone in your contacts. To fix this oversight, first set up a security passcode. Then go to Settings>General>Passcode Lock and change the Siri option ('Allow access to Siri when locked with a passcode') to Off.
IT Security blog Sophos criticized Apple's choice to leave Siri's default settings unsecured. What's disappointing to me though is that Apple had a clear choice here, said writer Graham Cluley. They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system.