It turns out that Siri will talk to anyone.
That means that even if you have have locked your iPhone 4S with a passcode, anyone can come along, press the home button and virtual assistant Siri will pop up, helpfully giving away addresses, sending e-mail and texts, according to Graham Cluley of Sophos, an online security research firm. Luckily, Siri has limits and will prompt for a passcode if asked to unlock the phone, read out e-mails or for a call history.
The problem is that using Siri while your iPhone is locked is a feature -- the default mode, likely designed for quick use, such as in a car. However, Apple developers didn't take into account the ease an iPhone can be misplaced or in the wrong hands. Although it can be changed by going into settings and turning off the Siri option, shouldn't Apple have realized the default option should have been the most secure one?
Cluely continued on the Naked Security blog:
What's disappointing to me though is that Apple had a clear choice here. . . . They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system.
Siri doesn't differentiate between voices and its default setting makes it able to talk to strangers, so it's up to iPhone users to protect their own phones and information.