Being able to access Siri from the lock screen has created a potential security risk, but Apple thinks it has the answer via a combination of a special phrase and authenticating the user’s unique voice.
According to a report, Apple said in a patent application that by combining a special phrase with authenticating the user’s unique voice, Siri will only respond to that instead of whoever gets a hold of the phone. The patent application covers an Apple invention that trains Siri to learn the voice of the owner before responding to the command.
“Up until now when a digital assistant has been invoked with a voice command, the digital assistant is responsive to the speech itself, not to the speaker. Consequently, a user other than the owner of the electronic device is able to utilize the digital assistant, which may not be desirable in all circumstances,” Apple stated in the patent, according to the report.
The process would work like this based on the patent application: The iPhone user would have to choose a word or phrase, which would become the Siri access code. The phrase and characteristics of the user’s voice would be stored on the device and only enable Siri to be activated if the combination of the two were detected. If the voice didn’t match the stored pattern, the iDevice would ask the user to use the Touch ID or enter a passcode. The report noted that it’s hard to reliably distinguish an individual voice, which is why the specific phrase is required. It also said it’s not clear if anything will come out of the patent application.
In November reports surfaced that Apple iPhone users are reportedly being tricked into spilling the beans on all their personal information, including text messages, emails, browsing history and photos, and they have Siri to thank. According to a report by Forbes, while there are several steps involved in tricking Siri into divulging information on the phone, it can be done. The first thing fraudsters have to do is determine the phone number of the iPhone, which Siri provides. They then place a phone call from another phone, which is answered with a text reply, but instead of entering a message, Siri is asked to engage in some actions, including enabling VoiceOver, which allows people to interact with iOS via gestures. An example of this attack was posted on YouTube, noted Forbes.