Slashdot Mirror


Siri Protocol Cracked

First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.

7 of 403 comments (clear)

  1. Re:You still need iPhone 4S by jollyreaper · · Score: 5, Insightful

    How long until they crack the unique ID generator and create viable clones of existing phones?

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  2. Re:So it's remote? by Psyborgue · · Score: 5, Insightful

    I, too am shocked at how many people didn't realize this was all done server side -- especially here.

  3. Re:So it's remote? by muon-catalyzed · · Score: 5, Insightful

    The most alarming fact, for me, is that they are sending all my speech data over the Internet to some enormous Cloud database. Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.

  4. Re:So it's remote? by mo · · Score: 5, Insightful

    Speech recognition isn't too CPU intensive, but it's *massively* memory intensive. It's not unreasonable for speech recognition engines to eat up a gig of ram, and the 4S only has 512mb. However, push it to a server with lots of ram and it can handle lots and lots of simultaneous speech recognition queries. It's tailor made to be a server-side task. At least until phones have gigs of free memory that aren't needed.

  5. Re:So it's remote? by amiga3D · · Score: 5, Insightful

    What? I think that may be the primary purpose of Siri in the end. Only a small minority give a crap about security anyway.

  6. Re:You still need iPhone 4S by hydrofix · · Score: 5, Insightful

    If it is correctly implemented, that's easier said than done. It is not necessarily a key-value pair that are cryptographically verified (i.e. there exists a purely arithmetic function f(x,y) that returns true iff (x, y) is a valid pair, and client is allowed access if it supplies correct (x,y) ) This kind of system would be crackable; just find another arithmetic function f' that returns y for some x (one usually exists).

    However, if Apple knew what they were doing (and they usually do), it's a GUID database stored on Apple's server. Say, they generate a 128-bit random access code for each manufactured iPhone, and the only way you can use Siri is to supply a valid GUID. Such system is virtually uncrackable, because even for a 128-bit GUID and 200 million iPhone 4S manufactured, it would take a staggering 17 million trillion trillion guesses (i.e. HTTP requests to Apple servers) to guess right ONE correct GUID. If one request took a mere 100 bytes with its TCP/IP headers, you would have to transfer 170 million yottabytes (170 million trillion terabytes) of data to find one valid access key.

    Good luck explaining this to your ISP! :)

  7. Re:Win for Xiph (and open source) by bhcompy · · Score: 5, Insightful

    Yet the music player still doesn't support Ogg Vorbis.