Forgot your password?
typodupeerror
Apple

Siri Protocol Cracked 403

Posted by Unknown Lamer
from the siri-like-way-ogg-speex dept.
First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.
This discussion has been archived. No new comments can be posted.

Siri Protocol Cracked

Comments Filter:
  • by aXis100 (690904) on Tuesday November 15, 2011 @12:03AM (#38055770)

    Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to siri.

    Heaps of people have tried to demo siri to me and most of the time it was a gimick that failed badly - either was slower than manual methods or just innacurate.

  • by Odin_Zifer (1967888) on Tuesday November 15, 2011 @12:04AM (#38055780)
    If some one where to gather a couple dozen unique ID's they could use those to setup a Siri relay service.
  • by inflex (123318) on Tuesday November 15, 2011 @12:22AM (#38055892) Homepage Journal

    Genuine question... couldn't you just get the GUIDs of existing valid iPhones?

  • by AndrewStephens (815287) on Tuesday November 15, 2011 @12:52AM (#38056094) Homepage

    TFA is actually pretty interesting:

    As you know, the “S” in HTTPS stands for “secure” : all traffic between a client and an https server is ciphered. So we couldn’t read it using a sniffer. In that case, the simplest solution is to fake an HTTPS server, use a fake DNS server, and see what the incoming requests are. Unfortunately, the people behind Siri did things right : they check that guzzoni’s certificate is valid, so you cannot fake it. Well they did check that it was valid, but thing is, you can add your own “root certificate”, which lets you mark any certificate you want as valid.

    Some Apple software (parts of iTunes) goes further and checks that the certificate presented by the server is actually signed by Apple. If the Siri software did this then the server would be impossible to fake man-in-middle-wise without hacking the client itself. Just checking that the certificate is valid is pretty useless protection - any certificate could be valid, what you care about is whether the server is who it says it is.

  • by mug funky (910186) on Tuesday November 15, 2011 @01:04AM (#38056168)

    it's a consortium. Dolby developed AC-3, and some tools they've developed are no doubt in the AAC spec, but AAC is essentially mp3 without the filterbank (which of course changed it a ton), and some nice features like long-term prediction, noise substitution etc etc.

  • Re:The scam of Siri (Score:4, Interesting)

    by InterruptDescriptorT (531083) on Tuesday November 15, 2011 @01:23AM (#38056248) Homepage

    Crickey! Loo' at that. We're very lucky! You almost never see a four digit this far from its native habitat of lurking. Ah she's a beaut!

    Can this become a new Slashdot meme, please?

  • by Fallingcow (213461) on Tuesday November 15, 2011 @03:07AM (#38056702) Homepage

    Apple's actually pretty quick to reject apps for not offering enough functionality over a website. Simply embedding a site in a webview and calling it an app (what was implied to be happening upthread) is pretty much a 100% guaranteed way to get your app rejected.

  • by cgenman (325138) on Tuesday November 15, 2011 @03:17AM (#38056736) Homepage

    It's terribly obnoxiously slow. It's also a lot broader than previous voice-command efforts. I set a baking timer by saying "Siri, set an alarm for twenty minutes from now." I had no idea that "twenty minutes from now" would be something that Siri understood. It just seemed like it would make sense. And it just worked. "Text my wife that I'll be about 10 minutes late" works too.

    Well, it works when the network is responding. And it works terribly slow. But it is really a step towards natural language understanding of voice. Or rather, unlike a lot of other efforts I feel like the phone is trying to understand me rather than the other way around.

How much net work could a network work, if a network could net work?

Working...