IBM: iPhone’s Siri may create new security risks

Apple’s iPhone may be becoming the preferred mobile platform for most business, but some management challenges remain. Recently, tech giant IBM has warned that Siri, the popular voice recognition feature in the latest version of the smartphone, could open companies up to significant security risks. 

Like many organizations, IBM has adapted to the growing trend of IT consumerization by creating a formal bring-your-own-device, or BYOD, program to allow employees to work on their own personal smartphones and other gadgets.

Despite the benefits, BYOD has created a lot of new security risks for IBM, CIO Jeanette Horan recently told MIT’s Technology Review. One way the company has tried to minimize those risks is creating policies about what applications and features employees may use on their devices.

That includes turning off Siri on iPhones that employees use for work. The primary concern: Apple saves users’ search queries in its corporate data center, and that information could potentially be breached or misused, Horan said.

The iPhone’s license agreement tells users that their queries will be recorded and collected, but the company doesn’t say how long it will be held for or who will be allowed to access it.

Even if the voice recognition feature isn’t banned totally, some security experts have warned companies that they must properly configure Siri on users’ iPhones to prevent potential security pitfalls.

By default, Siri can be used when a phone is locked, so it’s possible that someone may be able to use the feature to obtain information from a lost or stolen phone without having to get past the lock screen. For example, Siri might be used to access text messages, emails or other documents on a locked phone.

That can be prevented by accessing the “Passcode Lock” option under the “General” section of Siri’s settings and turning the “Allow access to Siri when locked with a passcode” setting to “OFF.”