Siri IS a security risk in an Enterprise environment

[Geckotek]

Better how for a business environment?? Newer is not automatically better. Right tool for the job no more no less.

How about faster, allows my users to work for efficiently.

 

[bighabeeb]

Better how for a business environment?? Newer is not automatically better. Right tool for the job no more no less.

So a phone that's faster and more powerful isn't better? If that's the case, lets roll back all the iphones and give everyone the old big blue blackberry that ONLY does email.

The new device is faster, has a better battery life (supposedly, quite frankly, I've not noticed any improvement...and iOS5 has actually reduced MY battery at least), a better camera (this may not be important to you, but for folks who set displays, or do any work in the field, this is important, or can be)...sure, stuff like "siri" isnt needed in a corporate environment, but isn't being able to NOT take your eyes off the road and send a text or email to let a client know you're running late a benefit? I know that it is for me.

 

[heisenberg123]

probably why RIM even still exists, they are pretty good on the Eneterprise Server side of the business and kept it pretty updated

 

[xraydoc]

I have posted this on other forums - but get a barrage of -
"But you can turn it off responses"

Hoping the average IQ here is a little higher and can understand the issue

When we activate an iphone on our network, we have the option of enforcing a passcode, so if the phone is lost or left lying around our company information is secure. We also have the option of "Greying Out" the option for the end user to turn off the passcode (They can change it though).

However thanks to siri, this can now be bypassed by anyone who takes possession of the phone, they can in fact call anyone, text anyone or email anyone - this includes people in the contacts / exchange global address book.

Worst case scenario a thief would have access to email / text anyone from customers to the CEO of the organisation and it would appear to have come from the owner of the phone.

There is the option in the settings to disable siri at the lock screen, however as an enterprise we are not able to leave that option available to the end user as it compromises our security policies. What we really need is to be able to disable and "Grey Out" that option - just like we can do with the the passcode setting.

I spent some time this morning discussing it with Apple and eventually spoke to one of their senior advisers in the US "Nathan Rozmus" - he advises

"The feature to disable siri at the lock screen from the exchange interface is not currently available."

When I pointed out that that meant the iphone4s was unsuitable for a corporate environment, he repeated the statement, and advised that I could submit it as a feature request.

Needless to say the iphone4s will continue to be banned on our network, but I think the general population should be informed that there is a risk to corporations.

This is a somewhat long thread and I haven't studied every response, however I can tell you with my security code that once the phone locks (i.e., requires a code entered to unlock), Siri will not give me access to emails. I haven't tried texts, but Siri has said, "I cannot access emails until your phone is unlocked."

So for our corporate setting, it doesn't seem to be an issue. Perhaps it's something with your specific configuration??

 

[PNutts]

Wow. My last comment must have been a real buzz kill.

If I remember I'll mention this topic to my CISO/CIO and see what he thinks.

I can't meet tomorrow, CISO can't meet Thursday, so Friday it is! Also on a bi-weekly call with AT&T their mobile expert told us this morning that Siri cannot access e-mail from the lock screen. I don't have firsthand knowledge either way. If true that alleviates much of my concern.

With apologies to the Divinyls, "When I think about this thread I quote myself."