A lot of people use a Lockcode/Passcode to stop someone else from accessing their phone. Doing so you feel fairly secure that no one can access you information and use your phone without your approval. Now it seems Siri, the new digital assistant in iPhone 4S, not only assist the owner in different tasks, but also might help total strangers use the phone.
Under the right conditions, Siri will bypass your passcode and allow anyone to perform tasks on a locked phone. By default, you can use Siri to make phone calls, check your calendar, send texts and emails to people in your contacts list, and set reminders, even when your phone is locked with a passcode. But it seems you at least can’t interact with installed applications or do Internet searches. This functionality might be something you prefer, and can be very handy if you for instance want to use Siri while driving your car. The possibility to search from the locked screen can be turned on and off, but the problem is that this functionality is turned on by default.
In reality, how many regular users change the default settings in their phone, or even know about what all the settings do? One of the iPhones strengths, and I would say a major reason for the phones success, is that it’s so easy to use. This strength and user-friendly focus can in this case also lead to a potential security issue. You may often hear the argument that “the iPhone is so easy to use that my grandma can use it. You don’t need to change a bunch of settings”. Regarding this new revelation concerning Siri’s behaviour, the user-friendly way of the iPhone highlights the issue with this default setting. The possibility to interact with the phone, in any shape or form, should not be possible by default when a passcode is activ and the phone locked. Because a lot of regular customers are not familiar with changing the settings, because they rearly have to, the security should always be set high by default, with the option to change it if you want or need to.
It’s not an easy task creating a device that is both secure and user-friendly at the same time, and when you try, you tend to walk a fine line. Either you make something that is easy to use, but some security measures can get compromised, or you make it more secure but users have problems using it, because it gets to complicated. The idea to allow the use of Siri from a locked screen was probably done with the best intentions, but in this case it would probably have been better to add a few steps for the user, if they want to do so.
You can change the settings for the Siri functionallity in your iPhone 4S from the following location: Settings > General > Passcode Lock -> and toggle off ‘Allow access to Siri when locked with passcode’.