Make Siri Safe to Use With This Simple Security Settings Fix

Learn how to prevent Siri from giving up your secrets

Siri screenshot


If you have an iPhone, then chances are you have played around with the Siri virtual assistant. You've probably been asking it all sorts of important questions like, "What's the meaning of life?" or "why do my Shi-Tzu dogs keep treating the cat's litter box like it's an all you can eat buffet?"

As Siri's knowledge and user base grows, there may be potential security issues. I don't think that Siri is going turn into Skynet from the Terminator movies or anything, but there are likely hackers out there who are already working on how to hack Siri and exploit any newly discovered Siri-related vulnerabilities they find.

Fortunately the hackers don't have to work very hard because it appears that there is already a potential Siri-related security risk that is present on your iPhone with it's out-of-the-box default configuration settings.

Apple has decided that users would prefer quick access over device security for the Siri feature which is why that it's default settings have been set to allow Siri to bypass the passcode lock. This makes sense for Apple as they are all about creating a great user experience. Unfortunately, allowing the Siri feature to bypass the passcode lock has the consequence of providing a thief or hacker with the ability to make phone calls, send texts, send e-mails, and access other personal information without having to enter the security code first.

There is always a balance that must be struck between security and usability. Users and software developers must make the choice on how much perceived security feature-related inconvenience they are willing to endure to keep their devices safe versus how quickly and easily they want to be able to use them.

Some people use a iPhone lock screen with a simple 4-digit code while some opt for a more complex iPhone passcode. Other people have no passcode at all because they want instant access to their phone. It's a user choice based on individual risk tolerance.

Block Siri from being able to bypass the screen lock passcode:

  1. Tap on the Settings icon from the home screen (Grey icon with gears in it)
  2. From the Settings menu, tap the Touch ID and Passcode option.
  3. Ensure that the passcode lock option is turned on and that Require Passcode is set to immediately.
  4. In the Allow Access When Locked section of the menu, Turn the Siri option to the OFF position.
  5. Close the Settings menu.

Again, whether you prefer instant access to Siri without the need to have to look at the screen to enter a passcode is completely up to you. In some cases, while you're in the car for instance, driving safely would trump data security. So if you use your iPhone in hands-free mode a lot, then you would probably want to keep the default option, allowing the Siri passcode bypass.

As the Siri feature becomes further advanced and the amount of data sources she is tapped into increases, the data security risk for the screen lock bypass may also increase. For example, if developers tie Siri into their apps in the future, Siri could unwittingly provide a hacker with your financial information if a Siri-enabled banking app is running and logged in via cached credentials and a hacker asks Siri the right questions.

Thankfully, Apple is starting to consider the security aspects of Siri and have prevented some functions from being performed while your phone is locked. One example is if you have a HomeKit (Siri-enabled) door lock, someone can't ask Siri to unlock your door if your phone's lock screen is active.

Brace yourselves folks, as this technology improves and becomes more widespread, a whole new category of virtual assistant social engineering hacks and attacks will be born.