10-20-11 10:09 AM
30 12
tools
  1. kojisan's Avatar
    Found this article on Cnet.
    http://http://news.cnet.com/8301-27080_3-20122632-245/bad-siri-shell-let-anyone-use-a-locked-iphone-4s/?part=rss&tag=feed&subj=InSecurityComplex

    Appears there is a security concern with little old Siri.

    "What's disappointing to me though is that Apple had a clear choice here," Sophos' Graham Cluley writes in a blog post. "They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."

    The part I'm getting a kick out of is the comments below the blog post. All the fanbois with their persecution complex yet I'm pretty sure I saw a bunch of them sounding off in here when the brute force password issue came up a few weeks back.

    Like grains of sand through an hour glass . . .
    Last edited by kojisan; 10-19-11 at 03:53 PM.
    miktro likes this.
    10-19-11 02:54 PM
  2. rdkempt's Avatar
    Unfortunately, convenience and security aren't friends. =\
    10-19-11 02:56 PM
  3. avt123's Avatar
    So this isn't an iOS 5 flaw, it's a Siri flaw. Might want to edit the title because it's misleading. I'm on iOS 5 but I don't have Siri.
    Shlooky likes this.
    10-19-11 03:17 PM
  4. MissJennell#IM's Avatar
    I don't have not seen this issue yet with iOS 5. Also, like someone else said it's not an iOS 5 issue. It is a siri issue.
    10-19-11 03:23 PM
  5. kojisan's Avatar
    Well it is iOS5 that allows a program to act within it's environment so technically the vulnerability is iOS5. Instead of locking out programs when the phone is "locked" it allows Siri to operate. Yup, arguing semantics but that's the game with APPL.
    10-19-11 03:56 PM
  6. avt123's Avatar
    Well it is iOS5 that allows a program to act within it's environment so technically the vulnerability is iOS5. Instead of locking out programs when the phone is "locked" it allows Siri to operate. Yup, arguing semantics but that's the game with APPL.
    And technically that version of iOS 5 is only available on the 4S. So this is a iOS 5 issue for the 4S not iOS 5 in general. Specifics count here as not all iOS 5 users have Siri. The majority of them don't.
    10-19-11 04:50 PM
  7. habs_fan's Avatar
    And technically that version of iOS 5 is only available on the 4S. So this is a iOS 5 issue for the 4S not iOS 5 in general. Specifics count here as not all iOS 5 users have Siri. The majority of them don't.
    Not trying to start an arguement, but apple has sold 4 million iphone 4S. How many 4's are there? Do we know?

    Posted from my CrackBerry at wapforums.crackberry.com
    10-19-11 05:53 PM
  8. avt123's Avatar
    Not trying to start an arguement, but apple has sold 4 million iphone 4S. How many 4's are there? Do we know?

    Posted from my CrackBerry at wapforums.crackberry.com
    Way more than 4 million man. The iPhone 4 is apples best selling smartphone ever.
    MissJennell#IM likes this.
    10-19-11 05:56 PM
  9. kg4icg's Avatar
    And how many people have updated there iPhone 4's to ios5 to which will result in the same problem as the above op has posted?


    Logic is fun against emotional people.

    Sent from my T7575 using Board Express
    10-19-11 06:14 PM
  10. avt123's Avatar
    And how many people have updated there iPhone 4's to ios5 to which will result in the same problem as the above op has posted?


    Logic is fun against emotional people.

    Sent from my T7575 using Board Express
    Yes, logic is fun, and on this particular subject you lack it. Siri is only on the 4S. iPhone 4 users can only get it via jailbreak.

    Emotional? Not at all. It's just nice when misinformation isn't spread.
    10-19-11 06:18 PM
  11. BBThemes's Avatar
    Yes, logic is fun, and on this particular subject you lack it. Siri is only on the 4S. iPhone 4 users can only get it via jailbreak.
    logic clearly isnt the word you were looking for. being informed is what ya meant.

    either way i still find it amusing how iphone and android users (some of whom were BB users admittedly) find it totally acceptable to come on here and post negative stuff on RIM with (lets be very honest here) totally misleading titles/content, yet as soon as the shoe`s on the other foot its suddenly not fair.

    i seem to recall the phrase `if you cant take cirticism, then dont give anyone else any`, maybe theres a lesson there.
    meganVee and Blacklac like this.
    10-19-11 06:26 PM
  12. avt123's Avatar
    logic clearly isnt the word you were looking for. being informed is what ya meant.

    either way i still find it amusing how iphone and android users (some of whom were BB users admittedly) find it totally acceptable to come on here and post negative stuff on RIM with (lets be very honest here) totally misleading titles/content, yet as soon as the shoe`s on the other foot its suddenly not fair.

    i seem to recall the phrase `if you cant take cirticism, then dont give anyone else any`, maybe theres a lesson there.
    I agree. Misinformation should not be spread. I have never created a thread or made a post with misinformation about RIM. I think RIM is a great company in a rough spot. To this day I still say the 9000 is my second favorite device ever, and my favorite BB ever made. I bought one on launch day. Negative threads get old fast.

    And yea, I used the word logic the wrong way.
    10-19-11 07:10 PM
  13. TGR1's Avatar
    You do realize there is a setting to turn this access off?
    10-19-11 09:12 PM
  14. avt123's Avatar
    You do realize there is a setting to turn this access off?
    Just like you can turn off javascript for the BB browser security flaw.
    K Bear likes this.
    10-19-11 09:15 PM
  15. TGR1's Avatar
    Just like you can turn off javascript for the BB browser security flaw.
    Not really. I assume javascript is needed for other things, or can be, correct? It isn't meant to be an on/off toggle.
    10-19-11 09:19 PM
  16. avt123's Avatar
    Not really. I assume javascript is needed for other things, or can be, correct? It isn't meant to be an on/off toggle.
    You can turn javascript off in the browser to prevent the flaw. You wont have a "fully functioning browser", but it will prevent the flaw for those who actually care.

    I'd leave it on. Once mobile devices are hacked at an alarming rate, then I would be concerned.

    All of my really important info on my iPhone has AES 256 bit encryption anyways. My contacts aren't stored on my device, they are in Google cloud via exchange.
    10-19-11 09:24 PM
  17. Shlooky's Avatar
    One of the advantages of iOS 5 is that it's module based. Apple will patch it over the air once they fix the security hole.

    No worries mate!
    10-19-11 09:28 PM
  18. TGR1's Avatar
    You can turn javascript off in the browser to prevent the flaw. You wont have a "fully functioning browser", but it will prevent the flaw for those who actually care.

    I'd leave it on. Once mobile devices are hacked at an alarming rate, then I would be concerned.

    All of my really important info on my iPhone has AES 256 bit encryption anyways. My contacts aren't stored on my device, they are in Google cloud via exchange.
    That's what I meant. It's a workaround unlike the actual ability to turn this feature of Siri on or off. It probably would have been more prudent for Apple to have turned it off by default.

    ETA: Really, it isn't so much a flaw as a design choice: I can't post the link but check out the article on Macrumors from the 14th.
    Last edited by TGR1; 10-19-11 at 09:34 PM.
    10-19-11 09:29 PM
  19. avt123's Avatar
    That's what I meant. It's a workaround unlike the actual ability to turn this feature of Siri on or off. It probably would have been more prudent for Apple to have turned it off by default.
    Yep. I'm sure Apple will try and patch it fast, especially since iOS 5 now has OTA capabilities, and pushes out updates whenever they please.
    10-19-11 09:32 PM
  20. TGR1's Avatar
    Not a flaw, doesn't need patching: Apple provides a setting that allows you to turn it on and off.

    Unless you mean next update they flip it. Yes, very likely.
    10-19-11 09:36 PM
  21. avt123's Avatar
    Not a flaw, doesn't need patching: Apple provides a setting that allows you to turn it on and off.

    Unless you mean next update they flip it. Yes, very likely.
    I mean Apple will patch it so you can leave it on without having to worry. I doubt most people right now give a rats *** anyways.
    10-19-11 09:44 PM
  22. Jake2826's Avatar
    Interesting find. Apple is still lacking in the security department.
    10-19-11 09:51 PM
  23. anon3396357's Avatar
    Avt123 and MissJenell are right. It's a Siri issue.

    And it really is illogical to say that it's an iOS 5 flaw because of Siri.

    iPhone 4S + iOS 5 = Siri = Security flaw
    iPhone 3GS + iOS 5 = No Siri = No security flaw
    iPhone 4 + iOS 5 = No Siri = No Security flaw

    Fact: Logic escapes all fanboys.
    Shlooky and avt123 like this.
    10-19-11 09:58 PM
  24. bobauckland's Avatar
    Thats a good point, possibly some non Apple fans forgot the fact that Siri is prevented from running on earlier iPhones than the 4S even though it technically could, so that Apple could push it as a Premium feature worthy of an upgrade to an otherwise unremarkably different phone.
    10-20-11 03:44 AM
  25. Accidental Post's Avatar
    Just like the article says try it grab my phone and try siri from the lock screen. You know what you get? NOTHING! This security flaw is no different than a BB user not protecting their BB with a passcode.
    10-20-11 06:39 AM
30 12
LINK TO POST COPIED TO CLIPBOARD