Slashdot Mirror
Siri Protocol Cracked
First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you."
Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.
While you could write an Android app or anything else, the protocol sends an unique ID with the request. That ID is unique to every iPhone 4S. End result being, you can probably use your own for your personal use, but if you try to sell an App for Android and include your ID with it, Apple will just blacklist it. So you will still need your own iPhone 4S.
3.. 2.. 1...
A feeling of having made the same mistake before: Deja Foobar
The quality of the anonymous coward troll posts is declining. I expected more.
To offset political mods, replace Flamebait with Insightful.
I thought it ran on the phone itself.
... the SWAT team showed up
So the iPhone can't really do the speech recognition and synthesis by itself? That's quite underwhelming.
Circumcision is child abuse.
Appears that Xiph came out on top for speech codecs.
This also shortly after apple realized that ALAC was going to fail (at least as a closed source product, they may push it better as an open source project now it can be played by everyone).
They still have the very entrenched AAC though.
While this is an enviable achievement, I must say I am not that happy and here's why.
Apple fan boys are going to ramp up the mantra that Android geeks are behind this effort. With Ice Cream Sandwich's code released, we will be seeing an Android app pretty soon.
What will happen next are events reinforcing the myth that Android is a stolen product.
It's a sad day indeed.
> I thought it ran on the phone itself.
Nope, and that is the scam. Basically you are calling a service. Thus they could make Siri available on every iProduct with zero effort. That they decided to hold it as an exclusive feature for the 4S to try and create the 'gotta upgrade' stampede is truly lame. Keeping it to iProducts is ok, they ain't giving away a hefty compute farm after all, who do ya think they are after all, Google? But locking access to the service to one submodel of one product line is a terrible idea.
Democrat delenda est
I knew this long ago... I just asked "Siri, what protocols are you using to communicate with your server?"
When the copyright term is "forever minus a day", live every day like it's the last.
"Siri, Don't sue. Confirm.", Siri, "I'm afraid I can't do that Dave."
If Apple is learning anything from Google, it's that customer info is valuable. Siri could easily become an advertising platform that rivals Google. Targeted advertising, where companies pay Apple for premium listings ( eg Asking Siri about a Pizza place returns Pizza Hut who paid the most for that key word).
If that's their angle, they might welcome more traffic to Siri.
Hell, even the name comes from its origin: Stanford Research Institute. SRI wrote it, finished it, Apple bought it, closed it up. That's Apple's prerogative, but it should be very clear that they're now very much in the Microsoft territory of knowing who to buy over what to write.
I'm not sure you really understand what source code is. The ICS source release has nothing to do with developers who write apps that use the Siri protocol. Nothing. At. All.
You really think Android and iOS just HAPPENED to be so similar and just HAPPENED to come out within a year of each other? You are seriously that gullible?
All that will happen is that Apple will simply tack on a requirement to register a 4S with serial number, original purchase receipt and a plan verification from the cell provider before you can use SIRI. So confirmation from 3 different sources would be much more inconvenient for hackers to bother with.
Plus that fact that SIRI servers, if inundated with requests from all devices, would not handle the overload and be very poorly responding, making the hackers not want to use it anyway.
Either way, these hackers who think they are so very smart, are actually quite stupid for failing to anticipate that there are so many ways for them to lose.
.. can you ask Siri "where to hide a body" before a backend notification gets emailed to a detective at your local PD?
That's what she said.
I don't see an Android app being allowed access to an Apple server. Somehow I think someone at Cupertino will frown on that.
I am shocked anybody wants a "plastic pal that's fun to be with" in the first place. I mean, sh!t, did anybody notice that GPPs are made by Sirius Cybernetics in his books? Douglas Adams is probably suing Steve Jobs in ghost court right now.
© 2002-2003, Jean-Marc Valin/Xiph.Org Foundation
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the Xiph.org Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
This software is provided by the copyright holders and contributors “as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the foundation or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
The only people who think Android is stolen are either a) below contempt or b) worthy of being punched or c) OMG STEVE JOBS IS MY GAAWWWDDDDD!!!!!! and probably fit squarely into a) and b) already.
That's why almost all apps work in airplane mode? Must be magic!
What will happen next are events reinforcing the myth that Android is a stolen product.
It's a sad day indeed.
You're telling me. I was trying to use my iPhone yesterday and half the OS was missing! Stolen from right under my nose.
TFA is actually pretty interesting:
Some Apple software (parts of iTunes) goes further and checks that the certificate presented by the server is actually signed by Apple. If the Siri software did this then the server would be impossible to fake man-in-middle-wise without hacking the client itself. Just checking that the certificate is valid is pretty useless protection - any certificate could be valid, what you care about is whether the server is who it says it is.
sheep.horse - does not contain information on sheep or horses.
Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.
So in protest you are going to buy a GOOGLE Android phone?
Yes, your data is quite safe from advertising profiling there!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I knew they were doing some heavy lifting on the server side, cause obviously it doesn't work without a network connection.
However, I figured they would at least do an initial processing pass on the phone and pass up the data points to the server instead of the raw audio. That at least would make sense, and you'd be able to pass much smaller amounts of data. It would also explain the need to have better hardware on the phone. Sending the raw audio seems insane.
I wouldn't be so admired if at the end of the line we could find an unknowingly Google plus an unwittingly Apple.
There's an awfully big chance the codec was determined and implemented way before Apple even touched the product.
I was promised a flying car. Where is my flying car?
It seems fairly ill-advised for a company whose business is developing iOS apps to post their reverse engineering exploits on the corporate blog.
While it's not EXACTLY the same, Android already has speech recognition that can do a google search. Lets keep some perspective, Siri is an incremental improvement, not some amazing and unfathomable technology our star friends shared with Apple.
First time accepted submitter
Long time listener, first time caller. Thanks for taking my call.
Advice: on VPS providers
You say "incremental" as if it's a bad thing. Most of the world's consumer tech revolutions are merely increments and/or well-polished amalgamations of existing tech that made it more accessible to more people. The truly bleeding-edge technologies are too far outside the worldview of most people for them to bother with.
No, nothing wrong with it, it's just contrary to the marketing message and the fanbois. The same failure to recognize the incremental nature of most developments is at the heart of the IP sue-a-thon going on these days.
Sure, you could.
But presumably as soon as a "Siri for Android" app started to get popular, Apple could just blacklist that identifier from the system.
You could make an app that allowed a user to input their own identifier. Then each person who wanted to do it would have to go find a friend with an iPhone, and you could probably get away with that. But it'd be inconvenient at best.
I cannot for the life of me think of any reason anyone would want or need siri on any platform. Thanks but no..
Apple will simply tack on a requirement to register a 4S with serial number, original purchase receipt and a plan verification from the cell provider
No way in hell. They'd sooner find a way to monetize officially opening up Siri cross-platform. All of this onerous treat-customers-like-criminals stuff is something Apple has consciously avoided in their business strategies for a long, long time—presumably observing that customers don't like to be treated like criminals, and don't like to give money to companies that make them feel bad.
I mean, this is just opening Siri's servers open to a DDOS when everyone downloads "Siri for Android" and "Siri for PC" and the server load multiplies manyfold...
Even if you rant about "Everything should be free", this is not a case of this... it could be if the hack allowed you to create the complete system (including servers), this only allows people to leech into someone else's server. It is not even a particularly complex hack that shows the mastery of the cracker.
In essence, IMO this thing will have some positive effect for people who will sell/use applications connecting to a system they don't support, and a lot of negative effect for the user who really support the system. I don't think it is a good thing, even if that puts me as a minority in /.
Disclaimer: Before you begin with it, I am not and I will not be an Apple user. Also, as my native language is not English, it is uncertain that I will find Siri useful anytime in the future.
Why can't
It's not in the summary, and it's not in the top 50 comments.
Mods: get off your asses, find a post that explains what the hell Siri is, and make sure that post is the top post in the thread.
Alternately, Editors: get off your asses and re-edit the summary to tell us what the fuck Siri is.
I don't understand these hackers, they only promote the lock-in policies of Apple. Because having Siri for a while may lure more users to Apple. After a while, Apple will just close the hole by using the UID's of the phone, like others mentioned, or some kind of unbreakable private-key cryptosystem.
Further, all those jailbreaking tools which are available just give Apple users a reason to say "hey, I'm not locked in, I can always jailbreak my device".
While you can root your device now, it does not mean you can root it forever. Apple devs are smart enough to make the system close to unbreakable, because cryptography is not that hard, and by the way, they are baking their own ICs now.
So I think Apple is just happy with this (relatively small) jailbreaking scene, just like Microsoft was happy with their software being illegally copied for a long while.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
So Siri only works when you're online? You can't tell it to record a to do item, unless you're within reach of a cell tower? If so, that's pretty dumb.
The only people who think Android is stolen are either a) below contempt or b) worthy of being punched or c) OMG STEVE JOBS IS MY GAAWWWDDDDD!!!!!! and probably fit squarely into a) and b) already.
You are now the wikipedia example of the logical fallacy "poisoning the well."
This is such a waste of time. Why can't talented programmers spend their efforts on more productive activities. Write the next great game, etc. If you want Siri, buy an effing iPhone. I know I'm in the (very small) minority here, but I just don't understand hackers.
Speaking to your phone makes you look crazy and snob so for that reason I'M OUT
I was surprised to discover that even ebay sniping apps do it server side. (somebody is storing your ebay credentials on their "not evil" server, yep)
Now that we know how to direct the speek files, anyone know of an open source library for decoding the files to text?
Having to work for a living is the root of all evil.
I hate to be rude, but..
If you don't know what something is look it the fuck up.
Thank you.
Don't know something? Look it up. Still don't know? Then ask.
Just like the iPod and iPhone, Apple seems to specialize in evolutionary implementation, but revolutionary in usage.
It remains to be seen if Siri is the latter, and I don't use it much myself, but the Iris project demonstrates that even if all the necessary tech was available on Android already, no one took it the (supposedly obvious) next step.
Despite claims that the Iris project "duplicated" Siri in only 8 hours, that was a wild exaggeration. A month later it is still very much something that regular users won't bother with. Their latest blog entry (from Oct 29) says most Android phones don't ship with the required speech libraries and users must download/install it themselves, they're missing multilingual support (Apple's own is far from complete, of course), and they're still implementing the framework to let it do certain voice actions like add calendar appointments.
I think it's great that they're trying with Iris, but they are obviously copying the Siri implementation, and it's disingenuous that some claim "Android had all those things first". They had most or maybe even all the parts, but they did not have a working car, because the parts were from different manufacturers that didn't fit together properly.
"Yes, that means anyone could now write an Android app that uses the real Siri!"
OR, you could try Vlingo....
This is actually is not a big innovations.
Long time ago there is Dragon Naturally speaking from Nuance.
It is the base for Siri.
They just combine it with the search engine and giving some touch.
What happened if Google Buy Nuance and then Improve it ?
Apple makes money selling hardware. Google makes money selling you.
Probably a lot of people already know this, but Siri is very similar to an open-source project that was co-opted by SRI International. The Sourceforge project used to be at http://sourceforge.net/projects/communicator/, but the project has suffered from long neglect.
You really think Android and iOS just HAPPENED to be so similar and just HAPPENED to come out within a year of each other?
Just like the iPhone happened to come out one year after the LG Prada. You are onto something!
Just tell Siri "Cleopatra says there will be snow from the west"
Go hug some trees.
Just set up your own server. The Android app would contact your server. Then your server would pretend to be a random iPhone 4S and send a request to Apple. Your server would then send the result back.
Coder's Stone: The programming language quick ref for iPad
Another thing to consider is that Siri remembers things about you. For example, you can tell it "Justine is my mom", then later say "Call mom". Also, there are sessions — your command can be a interpreted in the context of recent commands. I would guess that the state is saved on the server side and tied to your unique ID. If so, then sharing an ID among multiple users would result in a nasty user experience, and would certainly defeat the point of Siri's more intelligent features.
I think it's fairly clear iris is meant to be a sort of clone, but in the broader case of other voice command capability, it would be equally disingenuous to claim that android is just an iPhone clone. Each has pieces that the other had first. That is to be expected with parallel development of two devices in the same class.
For a multiplatform, multilingual voice recognition application for geeks, check out my new app http://code.google.com/p/voicetogoog/ now available at http://store.ovi.com/content/195998 . Since it’s an open-source (GPL) Qt-based app, it currently runs on Linux and on the Nokia N9 or N950 Linux smartphone. It’ll probably get ported to http://press.nokia.com/2011/08/18/symbian-anna-now-available-for-download/ next, but it also hope to port to Android via http://developer.qt.nokia.com/wiki/Necessitas . Also, please vote/like my VoiceToGoog-based proposal at http://www.ideasproject.com/ideas/11817