Oh, wow. The engineers over at app development firm Applidium say they’ve cracked Siri’s security protocol wide open. In fact, they say that with their method, any app and any device can now, in theory, use Siri. In reality, though? There are a few obstacles remaining.
Applidium deciphered Siri’s protocol by setting up their own custom SSL certificate authority, adding it to their iPhone 4S and using it to sign their own certificate for a fake “guzzoni.apple.com” server, which allowed them to sniff out the commands Siri sends to Apple’s official servers.
What did they learn? First of all, Siri identifies itself endlessly… and a Siri command only returns correct results if it identifies itself as a specific iPhone 4S.
Two? Apple sends a lot more information back and forth between Siri and its servers than you would think. For example, Apple’s server sends a confidence score and a timestamp of each word when you use its text-to-speech abilities.
At the end of the day, though, Applidium was able to get a correct Siri result by using the cracked protocol to send a command to Siri without using an iPhone at all. But unlike some Siri hackers, Applidium is putting the proof out there, and has provided the tools they used to talk to Siri to the hacking public at large.
What does this mean? In theory, using Applidium’s method, any device could access Siri and get correct results from the servers, as long as it has the unique identifier of an iPhone 4S. That means iPhone 4S owners could theoretically hack their Macs, their iPads, or whatever other devices they own to run Siri. Perhaps more usefully, developers could integrate Siri into their own apps, as long as those apps were running on an iPhone 4S. Neat!
(Thanks for the heads up, Mark H.)