Slashdot Mirror

← Back to Stories (view on slashdot.org)

Siri Protocol Cracked

Posted by Unknown on from the siri-like-way-ogg-speex dept.

First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.

15 of 403 comments (clear)

  1. You still need iPhone 4S by CmdrPony · · Score: 5, Informative

    While you could write an Android app or anything else, the protocol sends an unique ID with the request. That ID is unique to every iPhone 4S. End result being, you can probably use your own for your personal use, but if you try to sell an App for Android and include your ID with it, Apple will just blacklist it. So you will still need your own iPhone 4S.

    1. Re:You still need iPhone 4S by hydrofix · · Score: 3, Informative

      Sure. But then you'd have to buy an iPhone.

    2. Re:You still need iPhone 4S by Anonymous Coward · · Score: 5, Informative

      Or use an open WiFi access point. I'd point out the iThingies send their UUID in a lot of requests to Apple servers over ordinary HTTP. I know this because I block it in Privoxy.

    3. Re:You still need iPhone 4S by bemymonkey · · Score: 4, Informative

      There is nothing available on Android that's anywhere near as functional as Siri (seems to be in the ads). Voice recognition is OK (but largely dependent on the quality of your device - if the manufacturer [HTC, cough] used cheap mics, no chance), but unless you want to call someone or search Google, you're going to need to do it the old fashioned way.

      And yes, I'm one of the rabid Android fanboys you seem to be encountering so often ;)

    4. Re:You still need iPhone 4S by Trogre · · Score: 5, Informative

      Not that it's relevant to the argument at hand, but you might like to research the practice of back-firing, in relation to creating a firebreak, particularly with bushfires.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    5. Re:You still need iPhone 4S by Anonymous Coward · · Score: 2, Informative

      If it's just HTTP, you just need a laptop with packet sniffing software. Just find a cafe with wifi frequented by iDrones and pluck the UUIDs out of the air! It wouldn't surprise me if there are already databases of UUIDs being compiled and available on black markets

  2. Re:Slightly less impressed by Anonymous Coward · · Score: 3, Informative

    Ummmm.... no.... that would be why Siri fails so often due to network issues.

  3. Re:Apple upending their Bucket o' Lawyers on this by CmdrPony · · Score: 5, Informative

    They are already sending everything with HTTPS. That's why the researchers had to use gateway machine and certificate tricks to do man-in-the-middle attack.

  4. Re:Slightly less impressed by Anonymous Coward · · Score: 3, Informative

    Apple has stated publicly that Siri uses Apple servers for processing. And observing the behavior of the device under lost network connection makes this quite obvious.

  5. Re:Apple upending their Bucket o' Lawyers on this by Fnord666 · · Score: 4, Informative

    Here is an easier solution, how about just send everything via HTTPS.

    Apple is. From TFA:

    Surprisingly, when we did, we wouldnâ(TM)t gather any traffic when using Siri. So we ressorted to using tcpdump on a network gateway, and we realised Siriâ(TM)s traffic was TCP, on port 443, to a server at 17.174.4.4.

    The app even validated that the cert used was signed by a trusted CA. Fortunately the iphone4S allows you to add your own trusted CA to the trust chain.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  6. Re:The scam of Siri by Torodung · · Score: 3, Informative

    It's still a bit scammy, but I would guess they're using early adopters as a massive beta test before rolling it out to iLife in general, so rather than depriving anyone, they're being cautious and scaling up usage slowly. Think "Apple Newton," and it's reasonable to suspect the company may still be a little gun shy with this kind of tech. Even if it is running "in the cloud" instead of on the device, there's a whole lot that could go wrong with Siri. (Page is for entertainment purposes only. Not to be construed as actual examples. I am a non-attorney spokesperson.)

    More than that, availability matters here, and they want the initial adopters to have a premium experience before they roll it out to the hoi polloi, and everything goes pear shape when they run into the usual scaling issues. You know, like the ones AT&T ran into with the first iPhones.

  7. Re:Slightly less impressed by _xeno_ · · Score: 5, Informative

    Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to siri.

    Yep. It's extremely annoying, actually, because Siri replaces the existing voice commands. So doing something like "call brother" - which used to take maybe a half second - takes a good three seconds or so of lag time. More annoyingly is things like "play playlist driving songs" - first you have to wait for the three seconds round-trip processing, then you have to wait for the iPhone to decide which playlist that matches ("Looking for playlist driving songs," Siri says), then you have to wait for her to narrate "playing playlist driving songs" before the music actually starts.

    Compare to the previous, non-Siri version:

    "Play playlist driving songs."
    (half-second pause) "Playing playlist driving songs." (music starts)

    Yay progress. About the only thing I use Siri for is asking dumb questions and seeing what responses I get. For actual voice controls, it's - well, not useless, exactly, just obnoxiously slow.

    --
    You are in a maze of twisty little relative jumps, all alike.
  8. Re:Slightly less impressed by afabbro · · Score: 2, Informative

    99% of all phone apps have very little to do with the actual phone and instead they're just quick reference URLs to some external site that does most of the work.

    No.

    You're claiming that out of 500,000-odd iPhone apps, only 5,000 are anything more than just "quick reference URLs to some external site that does most of the work"?

    There are more than 5,000 games in the iOS app store.

    There are probably 10,000 calculators, flashlight apps, and fart sound effect apps.

    Sure, some apps are as you describe, and many apps talk to the net, but 99% are not just "quick reference URLs".

    --
    Advice: on VPS providers
  9. Re:Slightly less impressed by R3d+M3rcury · · Score: 3, Informative

    Of course, now you can say things like, "Boy, I'd love to hear some driving songs" or "Driving songs would sound good right about now." See? There's less of the "command" protocol and more like you're speaking to an actual person!

    Of course, the person you're talking to is a little slow. But that's better than having to use some specific syntax, right?

    (The above is sarcasm.)

  10. Re:Slightly less impressed by CharlyFoxtrot · · Score: 5, Informative

    So turn it off : "If you wish to use Voice Control while you are not connected to the Internet, turn Siri off from Settings > General > Siri. Make sure to turn Siri back on when you have Internet connectivity and you wish to use it again."

    --
    If all else fails, immortality can always be assured by spectacular error.