In an Enterprise environment of iOS 5 Siri is a security risk

**Spiel@berg** · 25-10-2011

When we turn on an iphone on our system, we have the alternative of enforcing a pass code, so if the cell phone is left or lost lying around our business information is protected. We also have the choice of "Greying Out" the alternative for the end user to exit the passcode (They can modify it however).However credit to siri, this can now be bypassed by anybody who takes control of the cell phone, they can in information text anybody, call anybody, or email anybody - this includes users in the contacts / swap global address book. Most horrible case situation a thief would have right of entry to email / text anybody from clients to the CEO of the organization and it would come into view to have come from the owner of the cell phone. There is the alternative in the settings to stop siri at the lock screen, on the other hand as an enterprise we are not talented to leave that choice obtainable to the end user as it cooperating our security policies. What we actually require is to be capable to disable and "Grey Out" that alternative - just like we can do with the pass code setting. I spent several time this morning talk about it with Apple and finally spoke to one of their senior consultant in the US "Nathan Rozmus" - he recommend “The feature to disable siri at the lock screen from the swap interface is not presently obtainable."When I pointed out that that meant the iphone4s was inappropriate for a business environment, he repeated the declaration, and advised that I could propose it as a feature demand. unnecessary to say the iphone4s will carry on to be banned on our system, but I think the universal population should be knowledgeable that there is a risk to corporation.

**Aalap** · 25-10-2011

For myself I wouldn't categorize it as a protection risk but each company has their individual policies so it may or may not be depending on where you work. Like you, we too set a figure of ActiveSync policies and users must sign a contract previous to they can synchronize business e-mail. The contract specifies they must notify us instantaneously if a mobile device is stolen or lost and then we'll carry out a remote wipe. I advise that they use a third party manufactured goods like Moxier that allows us to wipe up only the business data and leave their private data (and phone) intact. As I typed that I understand that Moxier has it's own pass code divide from the iDevice. I take for granted Siri can open applications and enter pass codes for them, but the awful guy would have to previously know the pass code on Moxier to obtain to the business data. It's good to be acquainted with that there is at least one workaround to the question/ issue.

**RopeME** · 25-10-2011

"There is the alternative in the settings to stop siri at the lock screen, conversely as an enterprise we are not talented to leave that choice obtainable to the end user as it negotiations our security policies."
Why?

**HankH** · 25-10-2011

No corporation can go away protection in the hands of an end user. That’s why everybody has their own password and username and why security policies are compulsory quite than just gullible people to do the correct thing. Ironically Apple appreciate this - which is why Enterprises are given the aptitude to enforce a pass code and take away the aptitude for an end user to disable the alternatives.