Apple has taken repeatedly a strong stance on privacy protection, especially when it comes to their flagship product, the iPhone. While, undoubtedly, a lot of effort has gone into making it more secure, a lot still hinges on how conscious is the user of the dangers posed by some combinations of enabled settings on the iPhone. One of the easiest ways to bypass the iPhone lock is to take advantage of the fact that many (!) users allow Siri to function after locking the phone. The result? The person that finds accidentally your iPhone wouldn’t need any specialized knowledge to learn a lot about you. Our advice? Toggle off some options now!
A majority of americans are increasingly concerned about privacy breaches
Apple’s encryption battle with FBI over the San Bernardino phone was also very much about branding and marking. Our phone is so secure even FBI has trouble breaking it, the implicit message seemed to be. According to Google Trends that’s when a lot of people searched for "apple security" and other related terms and a CBS News poll showed that americans were divided on whether FBI should be able to force Apple to unlock it: 50% for to 45% against.
There is, however, one area where consensus is clear: 58% responded that they are concerned about losing some of their privacy in the fight against terrorism. Other sources fully support this: BakerHostetler Privacy and Data Protection cites a recent survey which shows that "89 percent of consumers reportedly have avoided companies that do not protect their privacy, and 45 percent are now more worried about online privacy than they were a year ago". Are they right to be concerned?
Consider this plausible scenario
Imagine one of your busy days. You manage to shave off ten minutes to have a cup of coffee and a chat with your friend at a local cafe. When you leave you forget your iPhone on the table. A complete stranger picks it up.
You will buy a new one and restore your preferences, settings and data on the new one. While the loss of the iphone is a pain, at least you know that even FBI had trouble breaking in one of those. Rest easy, right? Well, not exactly.
Just one toggle in the wrong position is all that it takes
Just one toggle in the wrong position (on, as it happens) will enable the aforementioned stranger to ask Siri all kind of questions about you, the owner of the phone. A couple of days ago we stumbled across this attention-grabbing tweet saga that describe someone finding an iphone and trying to figure out how to return it to its owner. Crucially, the phone was locked but Siri was on! So, she figures that if Siri can tell her the most frequently called number, she could then dial it from her own phone and explain the situation:
To cut it short, in the process of trying to figure out how to do it, she discovers that you can ask Siri about a lot of things and learn a lot of personal details about the owner of the phone:
- Full name
- Where that person’s car is parked
What we did to check it this is true
Could this be true? - I wondered.
Being an Android guy, I asked one of my colleagues that is on iPhone if he is using Siri. After he confirmed I asked if I can borrow his locked iPhone for a couple of minutes. Why?, he asks. I explain that it is possible to learn a lot about him even from a locked iPhone provided Siri is on. No way!, he says, but agrees to let me try.
A couple of minutes later I could tell a lot about him, courtesy of Siri mostly (see above). Even more than that is available for an inquisitive mind if know how to ask the correct questions. If, in addition, your iPhone has Today View and Notifications made available in the locked state, you get a whole cornucopia of private stuff.
Needless to say my colleague was disturbed.
Afterwards, I found out this youtube clip showing that not only can you learn private information casually, you can also unlock the iPhone! See below.
How can you avoid this breach of privacy on iPhone
As I mentioned at the beginning it is a matter of a toggle (or a couple of toggles) being on. All you have to do is switch them off. Below you can see a classical case of a before-and-after: the first screenshot shows which settings were on when I did all the snooping (Today View, Notification View and Siri). Once we switched them off (middle screenshot), the iPhone doesn’t offer any occasion for snooping and asks you all the time for the passcode.
Our advice: disable them today!