A vulnerability has been discovered on Apple devices which allows Siri to read emails and text messages aloud while the device is locked.
The Risk
This poses a potential risk to Protected Health Information (PHI) which may be contained in those emails. Please keep in mind that the text messaging of PHI is currently forbidden by policy.
What Is Being Done To Fix It
Apple is working on an update which will fix the issue. The timing is currently unknown.
Workaround Until Apple Update Is Available
The following are the best options that have been identified to work around this problem (from least disruptive to most):
Turn off screen notifications for the mail app:
- Open the Settings app
- Select Notifications
- Then select the Mail app
- Toggle ‘Show on Lock Screen’ off (button is grey instead of green)
Alternatively you can eliminate Siri on the lock screen for all apps:
- Open the Settings app
- Select Siri & Search menu
- Toggle “Allow Siri When Locked” off (button is grey instead of green)
Or lastly you can disable Siri altogether:
- Open the Settings app
- Select Siri & Search menu
- Toggle ‘Listen for “Hey Siri!”‘ off (button is grey instead of green)
NOTE: These menu choices may vary slightly depending upon the iOS version the device is running.
If you have access to Protected Health Information (PHI) on your Apple device please employ one of these options to prevent risk to PHI exposure. If you need assistance or have questions contact the Help Desk.
For more detail see the articles:
https://appleinsider.com/articles/18/03/22/iphone-lockscreen-notification-siri-readout-bug-fix-incoming-from-apple
https://threatpost.com/apple-to-fix-glitch-allowing-siri-to-read-hidden-messages-outloud/130721/
