Siri Protocol Cracked
First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you."
Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.
Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to siri.
Heaps of people have tried to demo siri to me and most of the time it was a gimick that failed badly - either was slower than manual methods or just innacurate.
If some one where to gather a couple dozen unique ID's they could use those to setup a Siri relay service.
TFA is actually pretty interesting:
Some Apple software (parts of iTunes) goes further and checks that the certificate presented by the server is actually signed by Apple. If the Siri software did this then the server would be impossible to fake man-in-middle-wise without hacking the client itself. Just checking that the certificate is valid is pretty useless protection - any certificate could be valid, what you care about is whether the server is who it says it is.
sheep.horse - does not contain information on sheep or horses.