Hackers reverse-engineer Siri to work with any device

By Lee Kaelin on November 15, 2011, 12:00 PM

Hackers have supposedly managed to reverse-engineer the exclusive Apple Siri personal assistant feature that debuted in last month's iPhone 4S release. They claim the feat enables them to make the service work with virtually any device, including the competition's Android handsets.

"Today, we managed to crack open Siri’s protocol. As a result, we are able to use Siri’s recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we’re going to share this know-how with you," Applidium commented in a blog post about their newly discovered hack.

The team discovered that the service requires a HTTPS connection and identified the Siri server as guzzoni.apple.com. It also required a valid certificate but they found, surprisingly, that a self-signed certificate could be used in place of the valid Apple supplied certificate. “Seems like someone at Apple missed something!”, the researchers wrote.

Security protocols aside, the service works by compressing and then sending the audio to the server. The server then uses a variety of methods to validate the device is trusted, including an identifier unique to each iPhone 4S. Once this stage is complete the servers then send the processed data to the handset.

As evidence of the hack, the folks at Applidium provided a recording of them trying out Siri’s speech-to-text feature (in French) and a text file with the decoded request. The sound sample never went through any iPhone, but nonetheless they were able to get Siri to analyze it.

For developers and those generally curious it offers a good insight into how the service works, and more crucially, how it communicates with Apple's servers. Applidium also released the tools that helped them gain access, which will no doubt prove useful to developers wanting to integrate apps functions into Siri.

However, while they did crack Siri they also realized that each iPhone 4S features a unique identifier used when connecting to the Cupertino-based servers that provide the service. So in order to hack it  you would need to first purchase an iPhone4S, or at least have a willing friend hand out there unique identifier. There is yet another catch, though: Apple has stated they can blacklist any phone from the Siri service if it is flagged for excessive traffic, so finding a willing participant might end up rather fruitless.

Apple has a very proactive, somewhat aggressive approach when it comes to security and exploits so it is uncertain how long this exploit will remain valid. Less than a week ago a developer was booted from Apple's developer program for demonstrating an exploit in the App Store.




User Comments: 7

Got something to say? Post a comment
mattfrompa mattfrompa said:

@burty

you're skewed blanket statements do little to alleviate the underlying problems you attempted to criticize.

-sent from my iwhatever

MilwaukeeMike said:

There; Their... They're different.

Haha, 'Somewhat aggresive' approach? Like when that dude found that iPhone (4 I think) on a bar stool didn't they want to throw him in jail for letting gizmodo have pics of it?

Butch said:

WHO CARES!? Siri is the stupidest thing I have ever seen. Do you people who use it realize that you look and sound like morons talking to this thing? God! People are getting dumber by the minute...

Guest said:

hence why the iphone was created.

DokkRokken said:

butch said:

WHO CARES!? Siri is the stupidest thing I have ever seen. Do you people who use it realize that you look and sound like morons talking to this thing? God! People are getting dumber by the minute...

I don't see how it's 'dumb' to talk to a device to get information.

It's a major improvement over those morons that meander down sidewalks, bumping into people or getting in their way, whilst trying to operate their phone.

dmtcm said:

Something else for them to be doing while driving a vehicle.

Some people can't walk and chew gum at the same time but they get a drivers license and a cell phone.

Sheesh.

Burty117 Burty117, TechSpot Chancellor, said:

butch said:

WHO CARES!? Siri is the stupidest thing I have ever seen. Do you people who use it realize that you look and sound like morons talking to this thing? God! People are getting dumber by the minute...

Seri isn't stupid at all, actually its very useful, For Instance I can read texts messages and reply to them while driving without even looking at the phone, It has made texting in the car as safe as talking.

Also Seri is extremely useful for reminding me of things. As good as reminders apps are it is much quicker to tell Seri when and where I want it to remind me of something and it just does it.

Other useful bits I use Seri for, calling people when driving, asking it "how my day is" in the morning and it reminds me I have meetings that day, this has proven to me most useful so I know to get to work early.

Other than that I haven't really used it to find out the weather and its useless in the UK for finding businesses as its only for the US for the time being. Haven't used it to find ingredients.

Although I have used it to wow people that it can google anything you through at it

Its definately not stupid, freeky and impressive if anything.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.