Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Apple

Siri Protocol Cracked 403

Posted by Unknown Lamer
from the siri-like-way-ogg-speex dept.
First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.
This discussion has been archived. No new comments can be posted.

Siri Protocol Cracked

Comments Filter:
  • by jollyreaper (513215) on Monday November 14, 2011 @11:40PM (#38055626)

    How long until they crack the unique ID generator and create viable clones of existing phones?

  • by ackthpt (218170) on Monday November 14, 2011 @11:47PM (#38055654) Homepage Journal

    How long until they crack the unique ID generator and create viable clones of existing phones?

    You can probably already buy them on the streets in Shanghai.

  • by CmdrPony (2505686) on Monday November 14, 2011 @11:48PM (#38055660)
    Never, unless they manage to hack into Apple's servers. The ID check is server side.
  • by masternerdguy (2468142) on Monday November 14, 2011 @11:48PM (#38055664)
    The quality of the anonymous coward troll posts is declining. I expected more.
  • by RightwingNutjob (1302813) on Monday November 14, 2011 @11:49PM (#38055666)
    I thought it ran on the phone itself.
  • by iluvcapra (782887) on Monday November 14, 2011 @11:50PM (#38055678)

    How long until they figure out how to clone a phone? They already can do this :)

    Besides, why would an Android user want to goto the trouble? I'm informed (rabidly and often) that Android phones already have superior features and that Siri is merely a clone with fancy marketing.

  • So it's remote? (Score:3, Insightful)

    by Stormwatch (703920) <rodrigogirao@h o t m a il.com> on Monday November 14, 2011 @11:52PM (#38055688) Homepage

    So the iPhone can't really do the speech recognition and synthesis by itself? That's quite underwhelming.

  • by CmdrPony (2505686) on Monday November 14, 2011 @11:52PM (#38055690)
    They say this:

    The iPhone 4S sends identifiers everywhere. So if you want to use Siri on another device, you still need the identfier of at least one iPhone 4S. Of course Apple could blacklist an identifier, but as long as youâ(TM)re keeping it for personal use, that should be allright!

  • by nzac (1822298) on Monday November 14, 2011 @11:56PM (#38055716)

    Appears that Xiph came out on top for speech codecs.

    This also shortly after apple realized that ALAC was going to fail (at least as a closed source product, they may push it better as an open source project now it can be played by everyone).

    They still have the very entrenched AAC though.

  • by Darinbob (1142669) on Monday November 14, 2011 @11:57PM (#38055724)

    That's what they wanted people to think. 99% of all phone apps have very little to do with the actual phone and instead they're just quick reference URLs to some external site that does most of the work. Of course they tie all the apps to the phone so that you can't bypass the store.

  • by Psyborgue (699890) on Monday November 14, 2011 @11:58PM (#38055728) Homepage Journal
    Why would they waste the processing horsepower? It would eat the battery if it was even at all possible. They can do higher quality recognition on their servers anyway. The customer does not need to know where the processing is done as long as "it just works". To the consumer, and even some more technically inclined, it's magic -- and that is the real genius in the way Apple presents it's products. They make people feel like they're somehow in the future, that they're talking to an intelligent phone, that Saint Steve has somehow created artificial life and they get to own a piece of this future for the price of a modest chunk of change and a two year contract.
  • The scam of Siri (Score:5, Insightful)

    by jmorris42 (1458) * <jmorris@beau. o r g> on Tuesday November 15, 2011 @12:00AM (#38055756)

    > I thought it ran on the phone itself.

    Nope, and that is the scam. Basically you are calling a service. Thus they could make Siri available on every iProduct with zero effort. That they decided to hold it as an exclusive feature for the 4S to try and create the 'gotta upgrade' stampede is truly lame. Keeping it to iProducts is ok, they ain't giving away a hefty compute farm after all, who do ya think they are after all, Google? But locking access to the service to one submodel of one product line is a terrible idea.

  • Re:So it's remote? (Score:5, Insightful)

    by Psyborgue (699890) on Tuesday November 15, 2011 @12:01AM (#38055760) Homepage Journal
    I, too am shocked at how many people didn't realize this was all done server side -- especially here.
  • Would Apple mind? (Score:5, Insightful)

    by fluffy99 (870997) on Tuesday November 15, 2011 @12:08AM (#38055792)

    If Apple is learning anything from Google, it's that customer info is valuable. Siri could easily become an advertising platform that rivals Google. Targeted advertising, where companies pay Apple for premium listings ( eg Asking Siri about a Pizza place returns Pizza Hut who paid the most for that key word).

    If that's their angle, they might welcome more traffic to Siri.

  • Re:So it's remote? (Score:5, Insightful)

    by muon-catalyzed (2483394) on Tuesday November 15, 2011 @12:08AM (#38055794)
    The most alarming fact, for me, is that they are sending all my speech data over the Internet to some enormous Cloud database. Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.
  • Re:So it's remote? (Score:5, Insightful)

    by mo (2873) on Tuesday November 15, 2011 @12:11AM (#38055818)
    Speech recognition isn't too CPU intensive, but it's *massively* memory intensive. It's not unreasonable for speech recognition engines to eat up a gig of ram, and the 4S only has 512mb. However, push it to a server with lots of ram and it can handle lots and lots of simultaneous speech recognition queries. It's tailor made to be a server-side task. At least until phones have gigs of free memory that aren't needed.
  • Re:So it's remote? (Score:5, Insightful)

    by amiga3D (567632) on Tuesday November 15, 2011 @12:16AM (#38055852)

    What? I think that may be the primary purpose of Siri in the end. Only a small minority give a crap about security anyway.

  • by pipedwho (1174327) on Tuesday November 15, 2011 @12:17AM (#38055860)

    Isn't AAC just the MPEG4 version of what we know as mp3 (which is really just MPEG1/Audio layer 3)? There are already many open source implementations of AAC, so I don't see it as the same thing.

    The real problem with AAC is the MPEG patent swamp. Even if Apple were to release an open source codec, it would still be under the same shadow that hangs over anyone that isn't lining the pockets of the MPEG licensing body.

  • by hydrofix (1253498) on Tuesday November 15, 2011 @12:20AM (#38055872)

    If it is correctly implemented, that's easier said than done. It is not necessarily a key-value pair that are cryptographically verified (i.e. there exists a purely arithmetic function f(x,y) that returns true iff (x, y) is a valid pair, and client is allowed access if it supplies correct (x,y) ) This kind of system would be crackable; just find another arithmetic function f' that returns y for some x (one usually exists).

    However, if Apple knew what they were doing (and they usually do), it's a GUID [wikipedia.org] database stored on Apple's server. Say, they generate a 128-bit random access code for each manufactured iPhone, and the only way you can use Siri is to supply a valid GUID. Such system is virtually uncrackable, because even for a 128-bit GUID and 200 million iPhone 4S manufactured, it would take a staggering 17 million trillion trillion guesses (i.e. HTTP requests to Apple servers) to guess right ONE correct GUID. If one request took a mere 100 bytes with its TCP/IP headers, you would have to transfer 170 million yottabytes (170 million trillion terabytes) of data to find one valid access key.

    Good luck explaining this to your ISP! :)

  • Re:So it's remote? (Score:5, Insightful)

    by mosb1000 (710161) <mosb1000@mac.com> on Tuesday November 15, 2011 @12:20AM (#38055880)

    Well, they send your Siri requests. And, of course, almost everything you do on you cellphone is sent somewhere it can be tracked and recorded.

  • by amiga3D (567632) on Tuesday November 15, 2011 @12:23AM (#38055900)

    The difference being that generally MS bought up rivals to kill their products rather than compete with them. This got superior products out of the way so crappy MS stuff could continue to stifle. Apple buys up new and innovative tech to promote and market it. Have a few billion laying around they can do that now.

  • by CmdrPony (2505686) on Tuesday November 15, 2011 @12:43AM (#38056038)
    Maybe that's a good reason not to root your phone and download unverified stuff from warez places?
  • by demonlapin (527802) on Tuesday November 15, 2011 @12:43AM (#38056040) Homepage Journal

    (rabidly and often)

    No doubt. Those users are the worst thing about having an Android phone.

    I like my Android phone. It does what I need, it does it fairly smoothly. It's not as slick as my iOS devices, but I'm used to the downsides of Android and for the moment I'd rather deal with them than deal with the downsides of iOS. But the fanbois are just awful.

  • by Jeremi (14640) on Tuesday November 15, 2011 @01:00AM (#38056142) Homepage

    Sure. But then you'd have to buy an iPhone.

    ... or eavesdrop on somebody else's iPhone.

  • by jamesh (87723) on Tuesday November 15, 2011 @01:02AM (#38056164)

    Sure. But then you'd have to buy an iPhone.

    Or write an app that 'leaks' that information to a server you control. I'm sure Apple would have no hesitation in blacklisting a few thousand ID's that were leaked, but what if it was a few million?

  • by bhcompy (1877290) on Tuesday November 15, 2011 @01:10AM (#38056192)
    Yet the music player still doesn't support Ogg Vorbis.
  • Apple bought Siri (Score:5, Insightful)

    by dutchwhizzman (817898) on Tuesday November 15, 2011 @01:18AM (#38056234)
    There's an awfully big chance the codec was determined and implemented way before Apple even touched the product.
  • wow (Score:5, Insightful)

    by buddyglass (925859) on Tuesday November 15, 2011 @01:23AM (#38056252)
    It seems fairly ill-advised for a company whose business is developing iOS apps to post their reverse engineering exploits on the corporate blog.
  • by mug funky (910186) on Tuesday November 15, 2011 @01:30AM (#38056274)

    yeah, Apple never ever did that. ever.

  • by ljaguar (245365) on Tuesday November 15, 2011 @01:35AM (#38056292) Homepage Journal

    ... or eavesdrop on somebody else's iPhone.

    the reason why you can't do this is because Siri communicates in HTTPS, so it is not vulnerable to man-in-the-middle attacks. hence, you cannot eavesdrop on somebody else's iphone

    the reason why they could listen to the traffic in the article is because they had access to the root certificate on the iphone itself. you can do this if you have physical access to the phone, but obviously you can't just do this over the air to other people's phones

  • by nzac (1822298) on Tuesday November 15, 2011 @01:40AM (#38056320)

    I would think a general purpose speech codec would not be so hard coded into a product it could not be swapped out in a couple of days. I dont think there is speech recognition optimisation built in.

    Unless they are going to change it (which since its still in beta they could do), its a win no matter how it got there.

  • by rednip (186217) <rednip@NOsPam.gmail.com> on Tuesday November 15, 2011 @01:43AM (#38056332) Journal

    How long until they crack the unique ID generator and create viable clones of existing phones?

    You can probably already buy them on the streets in Shanghai.

    Sounds like a lot of work for a little utility, but hey if you need an excuse to prowl around the seedy areas of China, it's as good as any I suppose.

  • by wierd_w (1375923) on Tuesday November 15, 2011 @01:45AM (#38056346)

    This presumes that the guid assignments are done from the 128bit guid space using some garanteed form of true random.

    Given the number of phones in existence, and that new phones will have to be whitelisted as time passes, (and that random guesses will run the risk of collision) it is more likely that the guid assignment is performed in some sophisticated pseudo random fashion, and as such, identifiable patterns could be detected given a sufficiently large number of known whitelisted guids.

    Once you have that information, and perhaps some other information that apple might use in the guid assignment algorithm (serial number, manufacturing site, date of manufacture, etc...) it should be possible to determine which guids should be valid.

    This sounds like an opportunity for a naughty idevice app developer, who should already be able to get such a list by having their app phone home, and request the device uuid as part of a purchase validation mecchanism. (A popular app could quickly get several hundred active unique ids to work with, perhaps more.)

  • by jibjibjib (889679) on Tuesday November 15, 2011 @01:50AM (#38056382) Journal

    It's not a "pretty useless protection". It's not just checking that the certificate is valid, it's also checking that the certificate authority has a corresponding root certificate installed on the iPhone. It stops anyone who doesn't have access to the phone from eavesdropping or manipulating the data.

  • by jmorris42 (1458) * <jmorris@beau. o r g> on Tuesday November 15, 2011 @02:32AM (#38056564)

    > Apple obviously decided that a minimum 4S hardware platform was required

    Yes, that is what the ad campaign would lead you to believe. The reality is that all of the work is server side and ANY client would work equally well. You could use a basic no frills cell phone, a landline or whatever to talk to Siri and get voice reponses. Any phone capable of hosting an app could interface with it and receive URLs or other trigger events back with a fairly simple client side application. And there are no technical limitations preventing the client from the iPhone 4S running unmodified on any of the iPhones with the same iOS revision installed. Simply, there is nothing unique to the iPhone 4S that enables Siri. But had they rolled it out as a regular iOS update or an app in the Store there wouldn't have been a 'killer feature' to hype for the new phone to drive the lemmings into the store for an upgrade. That is the scam I refer to.

  • Re:So it's remote? (Score:4, Insightful)

    by wvmarle (1070040) on Tuesday November 15, 2011 @02:35AM (#38056572)

    Yet when I call a friend, only my friend received my voice, and he receives it as audio. The phone company doesn't store this (unless they've been requested to wiretap your line - not very common outside of the US luckily - and even then it's normally stored as audio only), they're not even allowed to listen in to it when it happens, they just have to transmit the audio signal from my phone to my friend's phone.

    In this case the audio goes to the vendor of your phone, which then attempts to actively listen in to it and make out what you're trying to say, and as such can store this in a machine processable format. That's the big difference.

  • by Ixokai (443555) on Tuesday November 15, 2011 @03:45AM (#38056852)

    Umm, fact check: Apple doesn't even slightly rely on ads. At all. Apple is not an advertising company, at all.

    They have the iAd product, which is little more then a hobby; Apple's profit is very, very clearly from direct hardware sales to customers -- by a /vast/ margin. Not from ads, ITMS, Apps, any of it. Its hardware sales to customers.

    Its nothing like Google's business model.

    Now, its possible Siri may be a future ad-related or information-related revenue stream, but only if it can be leveraged without harming the hardware sales-- because THAT is what Apple makes its dough on. It'll probably never be a huge deal, though it may be interesting.

    Why is Siri cloud-powered? Perhaps because it has to be. Siri is a lot more then simply a speech recognition system-- even though the best speech recognition apps I've seen on IOS have also involved the cloud.

    Just that alone seems to imply that it may take more processing power (and battery hogging) then mobile devices have to do well. But Siri does a lot more processing beyond that, juggling the possible recognition results based on context, thus changing its interpretation of the phrase and then re-evaluating again.

    All three companies have VERY different business models.

    Google relies on profits from its ad business.
    Apple relies on profits from its hardware sales.
    Microsoft relies on profits from published software.

    Each has bits and pieces that go into others, but the /vast/ majority of their profits comes from their core business.

    I admit to only being passingly familiar with Google and Microsoft's financials. But Apple's are very, very, very clearly oriented towards consumer hardware sales. Not ads, not music, not apps, not services. All of those things do nothing but maintain the ecosystem and thus make the devices more attractive. Apple's actual profit on them doesn't even compare to their actual driving businesses.

  • by cowboy76Spain (815442) on Tuesday November 15, 2011 @04:41AM (#38057114)

    If Apple is learning anything from Google, it's that customer info is valuable. Siri could easily become an advertising platform that rivals Google. Targeted advertising, where companies pay Apple for premium listings ( eg Asking Siri about a Pizza place returns Pizza Hut who paid the most for that key word).

    If that's their angle, they might welcome more traffic to Siri.

    <sarcasm>Yes, they are so thrilled by it. They wanted that everyone could connect to their servers, but they did not know how to make their protocols public. Being hacked has solved that problem!...</sarcasm>

    What this crack means (unless has additional security measures) is that Siri will need a lot more of processing power and, what is worse, there is no way to predict how much power it will need now. Without getting to dip into related profits (selling of hardware / associated programs / etc). I bet they are doing a party right now just to celebrate!

    Seriously, WTF? The crack does not give anything interesting/new away, just puts a third party in a position where it can be abused. If the people behind Siri wanted everyone to connect, they could have stated that themselves. Those are two very simple thoughts that everyone in /. could understand, yet they instead just follow the most retorted logic to justify it.

    At least we are not discussing crimes here. If talking about murders, I bet some of you would posts things like "Thanks to the serial killer that murdered his wife and children, now he can chose a new wife and have more kids!"

  • by shutdown -p now (807394) on Tuesday November 15, 2011 @05:37AM (#38057442) Journal

    Given that Apple are touted as masters of seamless and intuitive user interface design, how come this process isn't automated? It would seem to me that it'd be pretty trivial to, at the very least, detect lack of network connectivity, and turn it off accordingly.

interlard - vt., to intersperse; diversify -- Webster's New World Dictionary Of The American Language

Working...