One of the major draws of the iPhone 4S is Siri, Apple’s voice assistant technology. But a team of developers claim that they have “cracked” Siri protocol, in theory opening it up to be used on almost any other device.
According to Apple, Siri works by “sending data to a remote server.” The folks at Applidium identified that server, set up a fake authorization, and in no time had Siri sending data to their very own HTTPS server.
So basically all we had to do was to setup a custom SSL certification authority, add it to our iPhone 4S, and use it to sign our very own certificate for a fake “guzzoni.apple.com”. And it worked : Siri was sending commands to your own HTTPS sever! Seems like someone at Apple missed something!
The implications of this are pretty obvious. By cracking open the protocol, Applidium was able to use Siri without ever speaking through an iPhone 4S. This means that it would be possible to get Siri to work on any device.
Today, we managed to crack open Siri’s protocol. As a result, we are able to use Siri’s recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we’re goign to share this know-how with you.
There’s only one roadblock, and it has to do with specific iPhone 4S “identifiers”:
The iPhone 4S sends identifiers everywhere. So if you want to use Siri on another device, you still need the identfier of at least one iPhone 4S. Of course we’re not publishing ours, but it’s very easy to retrieve one using the tools we’ve written. Of course Apple could blacklist an identifier, but as long as you’re keeping it for personal use, that should be allright!
The full description of what they did is available on their blog, where they challenge developers to get to building apps. “Let’s see how long it’ll take Apple to change their security scheme,” they say.