DJP Update 10-20-2011 ALERT: Security & Privacy issues with 2 programs on Apple iPhone 4S “Siri” and “Voice Dial” ; LAGNIAPPE
I strongly recommend that you not allow any company to capture your phone book or contacts kept on your smart phone.
I realized this could happen with Dragon dictation app on iPhone and thus did not get that app. However, the new iPhone 4S with the new operating system has two features that allow the security code or lock code to be breached PLUS the Siri command application built into the iPhone 4S sends your contact book information to Apple server. To me that is unacceptable. It is dangerous if one has any confidential information contained in address or contact book such as bank passwords, social security numbers of family members etc. Also there may be phone numbers of individuals in your contact book who wish their number to remain confidential.
Two ways to breach the passcode lock on iPhone 4S.
1- press home button on iPhone and Siri asks you to give command. (Siri is ON by default) If you say you want to call someone, it looks up number, shows it on screen, and dials number even when phone locked. You can turn off Siri and that will disable Siri and prevent Siri functioning. Apple also says in fine print (that info is on the iPhone but you have to dig through menus to find it) that if you turn it off, the info on Apple server will be erased. Let’s hope that is true. Apple warns it will take time to gather your data and respond quickly to a command if you turn it back on.
2- Even with Siri turned off, the Voice command function still works and can access phone numbers and call when phone locked! You have to turned that function off in the password section.
ALL OF THIS SHOULD BE EXPLAINED IN BIG LETTERS WHEN BUYING AN iPhone! One should not have to discover this from reading fine print that most people don’t know where to find on iPhone. One should not have to learn about this in tweets or blogs etc.
RECOMMENDATION: Value privacy and confidentiality over voice commands and the utility of having “Siri” find you a restaurant or some other place in area you are in. Use a search engine.
One must guard against identity theft and loss of personal data. As I have testified when on the AMA Board re patient privacy and medical record confidentiality and stated on TV shows (see YouTube Today Show and Good Morning America at www.youtube/IntrepidResources) regarding my comments about CIA Website being broken into and vandals wrote “Central Stupidity Agency” on home page! I found that when going to CIA site for info about a foreign country I was about to visit and lecture there. I went back an hour later and the offending message was gone. The point is vandals appear to break into many data sites despite the security firewall.
Here are the tweets I did about this today. You can find the steps in the tweets to get to the off switch for these two functions: “Siri” & “Voice Dial”
——–
DJPNEWS Donald Palmisano
To prevent anyone diaing #iPhone when locked using Home Button “Voice Dial”: Settings – General – Passcode Lock – turn off “Voice Dial”.
47 minutes ago
DJPNEWS Donald Palmisano
More #APPL #security re #iPhone 4S: even with #Siri turned off: access & call contacts with home button & “VoiceControl” even if locked
55 minutes ago
DJPNEWS Donald Palmisano
The #privacy issue #Siri #iPhone 4S & OS 5 is same problem I read about #Dragon dictation App – it too takes address book/contacts. #Avoid
2 hours ago
DJPNEWS Donald Palmisano
Proof #APPL new OS iPhone 4S #Siri puts your contact data on Apple server: Go Settings, General, Siri, “About Siri and Privacy”. #gadgets
2 hours ago
DJPNEWS Donald Palmisano
More: #Apple #Siri voice: can breach security when #iPhone locked; plus Siri puts contact info Apple server. #privacy #confidentiality #APPL
2 hours ago
DJPNEWS Donald Palmisano
I turned off #Siri #iPhone 4S for security so access denied=phone locked. Shocking = #Apple collects address book data = Siri. Go settings
2 hours ago
DJPNEWS Donald Palmisano
I just tested the security problem with #Siri on new #iPhone 4S & phone locked; I can give commands per read.bi/pqqZ35 – can disable
3 hours ago
DJPNEWS Donald Palmisano
Impt for #privacy – new OS #iPhone 4S #Siri RT @SAI: Here’s How Siri Could Be A Total Security Threat $AAPL by @_dtl read.bi/pqqZ35
3 hours ago
——–
LAGNIAPPE: Read George Will regarding difference between Republic & a Democracy: http://tinyurl.com/3ckbdf5
DJPNEWS Donald Palmisano
George Will & a true teaching moment: A Republic, Guaranteed” http://tinyurl.com/3ckbdf5 #Constitution #Republic #Democracy #TABOR #tcot #tlot #p2
3 hours ago
——-
Stay well.
Donald
P.S. Stop by http://twitter.com/DJPNEWS and sign up for DJPNEWS to get tweet alerts that may not make it into DJP Updates. Twitter is free and takes minutes to join. Put email in and pick password. Great source of breaking news and you don’t flood your email with it. You can get free app for BlackBerry or IPhone etc and you check on tweets when you want. With newer operating systems, such as SNOW LEOPARD on Mac, you can put Twitter apps on your notebook or desktop.
Go to: http://www.youtube.com/user/IntrepidResources
Leave a comment and encourage others to visit!
Also, recent selected DJP Updates can be found at: www.DJPupdates.com
Donald J. Palmisano, MD, JD
Intrepid Resources® / The Medical Risk Manager Company
5000 West Esplanade Ave., #432
Metairie, LA 70006
USA
504-455-5895 office
504-455-9392 fax
DJP@donaldpalmisano.com
www.donaldpalmisano.com
www.onleadership.us
DJP Updates: www.DJPupdates.com
Twitter: www.twitter.com/DJPNEWS
YouTube: http://www.youtube.com/user/IntrepidResources
This DJP Update goes to over 2300 leaders in Medicine representing all of the State Medical Associations and over 100 Specialty Societies plus some other friends.
You can share it with your members and it has the potential to reach 800,000 physicians.
To join the list, send me an email stating “Join DJP Update”
To get off the list, state ” Remove DJP Update” in subject line.