Siri Protocol Cracked
First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you."
Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.
How long until they crack the unique ID generator and create viable clones of existing phones?
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
The quality of the anonymous coward troll posts is declining. I expected more.
To offset political mods, replace Flamebait with Insightful.
How long until they figure out how to clone a phone? They already can do this :)
Besides, why would an Android user want to goto the trouble? I'm informed (rabidly and often) that Android phones already have superior features and that Siri is merely a clone with fancy marketing.
Don't blame me, I voted for Baltar.
That's what they wanted people to think. 99% of all phone apps have very little to do with the actual phone and instead they're just quick reference URLs to some external site that does most of the work. Of course they tie all the apps to the phone so that you can't bypass the store.
Why would they waste the processing horsepower? It would eat the battery if it was even at all possible. They can do higher quality recognition on their servers anyway. The customer does not need to know where the processing is done as long as "it just works". To the consumer, and even some more technically inclined, it's magic -- and that is the real genius in the way Apple presents it's products. They make people feel like they're somehow in the future, that they're talking to an intelligent phone, that Saint Steve has somehow created artificial life and they get to own a piece of this future for the price of a modest chunk of change and a two year contract.
> I thought it ran on the phone itself.
Nope, and that is the scam. Basically you are calling a service. Thus they could make Siri available on every iProduct with zero effort. That they decided to hold it as an exclusive feature for the 4S to try and create the 'gotta upgrade' stampede is truly lame. Keeping it to iProducts is ok, they ain't giving away a hefty compute farm after all, who do ya think they are after all, Google? But locking access to the service to one submodel of one product line is a terrible idea.
Democrat delenda est
I, too am shocked at how many people didn't realize this was all done server side -- especially here.
If Apple is learning anything from Google, it's that customer info is valuable. Siri could easily become an advertising platform that rivals Google. Targeted advertising, where companies pay Apple for premium listings ( eg Asking Siri about a Pizza place returns Pizza Hut who paid the most for that key word).
If that's their angle, they might welcome more traffic to Siri.
The most alarming fact, for me, is that they are sending all my speech data over the Internet to some enormous Cloud database. Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.
Speech recognition isn't too CPU intensive, but it's *massively* memory intensive. It's not unreasonable for speech recognition engines to eat up a gig of ram, and the 4S only has 512mb. However, push it to a server with lots of ram and it can handle lots and lots of simultaneous speech recognition queries. It's tailor made to be a server-side task. At least until phones have gigs of free memory that aren't needed.
What? I think that may be the primary purpose of Siri in the end. Only a small minority give a crap about security anyway.
If it is correctly implemented, that's easier said than done. It is not necessarily a key-value pair that are cryptographically verified (i.e. there exists a purely arithmetic function f(x,y) that returns true iff (x, y) is a valid pair, and client is allowed access if it supplies correct (x,y) ) This kind of system would be crackable; just find another arithmetic function f' that returns y for some x (one usually exists).
However, if Apple knew what they were doing (and they usually do), it's a GUID database stored on Apple's server. Say, they generate a 128-bit random access code for each manufactured iPhone, and the only way you can use Siri is to supply a valid GUID. Such system is virtually uncrackable, because even for a 128-bit GUID and 200 million iPhone 4S manufactured, it would take a staggering 17 million trillion trillion guesses (i.e. HTTP requests to Apple servers) to guess right ONE correct GUID. If one request took a mere 100 bytes with its TCP/IP headers, you would have to transfer 170 million yottabytes (170 million trillion terabytes) of data to find one valid access key.
Good luck explaining this to your ISP! :)
Well, they send your Siri requests. And, of course, almost everything you do on you cellphone is sent somewhere it can be tracked and recorded.
(rabidly and often)
No doubt. Those users are the worst thing about having an Android phone.
I like my Android phone. It does what I need, it does it fairly smoothly. It's not as slick as my iOS devices, but I'm used to the downsides of Android and for the moment I'd rather deal with them than deal with the downsides of iOS. But the fanbois are just awful.
Yet the music player still doesn't support Ogg Vorbis.
There's an awfully big chance the codec was determined and implemented way before Apple even touched the product.
I was promised a flying car. Where is my flying car?
It seems fairly ill-advised for a company whose business is developing iOS apps to post their reverse engineering exploits on the corporate blog.
the reason why you can't do this is because Siri communicates in HTTPS, so it is not vulnerable to man-in-the-middle attacks. hence, you cannot eavesdrop on somebody else's iphone
the reason why they could listen to the traffic in the article is because they had access to the root certificate on the iphone itself. you can do this if you have physical access to the phone, but obviously you can't just do this over the air to other people's phones
This presumes that the guid assignments are done from the 128bit guid space using some garanteed form of true random.
Given the number of phones in existence, and that new phones will have to be whitelisted as time passes, (and that random guesses will run the risk of collision) it is more likely that the guid assignment is performed in some sophisticated pseudo random fashion, and as such, identifiable patterns could be detected given a sufficiently large number of known whitelisted guids.
Once you have that information, and perhaps some other information that apple might use in the guid assignment algorithm (serial number, manufacturing site, date of manufacture, etc...) it should be possible to determine which guids should be valid.
This sounds like an opportunity for a naughty idevice app developer, who should already be able to get such a list by having their app phone home, and request the device uuid as part of a purchase validation mecchanism. (A popular app could quickly get several hundred active unique ids to work with, perhaps more.)
It's not a "pretty useless protection". It's not just checking that the certificate is valid, it's also checking that the certificate authority has a corresponding root certificate installed on the iPhone. It stops anyone who doesn't have access to the phone from eavesdropping or manipulating the data.