Slashdot Mirror


Siri Protocol Cracked

First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.

27 of 403 comments

  1. You still need iPhone 4S by CmdrPony · · Score: 5, Informative

    While you could write an Android app or anything else, the protocol sends a unique ID with the request. That ID is unique to every iPhone 4S. End result being, you can probably use your own for your personal use, but if you try to sell an App for Android and include your ID with it, Apple will just blacklist it. So you will still need your own iPhone 4S.

    1. Re:You still need iPhone 4S by jollyreaper · · Score: 5, Insightful

      How long until they crack the unique ID generator and create viable clones of existing phones?

      --
      Kwisatz Haderach
      Sell the spice to CHOAM
      This Mahdi took Shaddam's Throne
    2. Re:You still need iPhone 4S by Odin_Zifer · · Score: 5, Interesting

      If someone were to gather a couple dozen unique IDs, they could use those to set up a Siri relay service.

    3. Re:You still need iPhone 4S by hydrofix · · Score: 5, Insightful

      If it is correctly implemented, that's easier said than done. It is not necessarily a key-value pair that is cryptographically verified (i.e. there exists a purely arithmetic function f(x,y) that returns true iff (x, y) is a valid pair, and the client is allowed access if it supplies a correct (x,y)). This kind of system would be crackable; just find another arithmetic function f' that returns y for some x (one usually exists).

      However, if Apple knew what they were doing (and they usually do), it's a GUID database stored on Apple's server. Say, they generate a 128-bit random access code for each manufactured iPhone, and the only way you can use Siri is to supply a valid GUID. Such a system is virtually uncrackable, because even for a 128-bit GUID and 200 million iPhone 4S manufactured, it would take a staggering 17 million trillion trillion guesses (i.e. HTTP requests to Apple servers) to guess right ONE correct GUID. If one request took a mere 100 bytes with its TCP/IP headers, you would have to transfer 170 million yottabytes (170 million trillion terabytes) of data to find one valid access key.

      Good luck explaining this to your ISP! :)

    4. Re:You still need iPhone 4S by Anonymous Coward · · Score: 5, Informative

      Or use an open WiFi access point. I'd point out the iThingies send their UUID in a lot of requests to Apple servers over ordinary HTTP. I know this because I block it in Privoxy.

    5. Re:You still need iPhone 4S by Anonymous Coward · · Score: 5, Funny

      Perhaps Android could run iOS in a VM

    6. Re:You still need iPhone 4S by jibjibjib · · Score: 5, Funny

      If you can eavesdrop on SSL connections, you have better things to do than cloning Siri.

    7. Re:You still need iPhone 4S by ShakaUVM · · Score: 5, Funny

      >>If you're so lucky that you can get a 128 random number duplicated on the first try you really ought to cash out your 401k and buy some lottery tickets.

      The optimal strategy for playing slots is to hit the jackpot on the first pull. I once explained this to a friend of mine, tossed in a nickel, and hit a $15 jackpot.

      He was blown away.

    8. Re:You still need iPhone 4S by Opportunist · · Score: 5, Funny

      Don't you tell me what I get to do when I can eavesdrop on SSL connections, puny human!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:You still need iPhone 4S by Trogre · · Score: 5, Informative

      Not that it's relevant to the argument at hand, but you might like to research the practice of back-firing, in relation to creating a firebreak, particularly with bushfires.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  2. Re:Apple upending their Bucket o' Lawyers on this by CmdrPony · · Score: 5, Informative

    They are already sending everything with HTTPS. That's why the researchers had to use a gateway machine and certificate tricks to do a man-in-the-middle attack.

  3. Re:So it's remote? by Psyborgue · · Score: 5, Insightful

    I, too, am shocked at how many people didn't realize this was all done server side -- especially here.

  4. Re:Slightly less impressed by aXis100 · · Score: 5, Interesting

    Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to Siri.

    Heaps of people have tried to demo Siri to me and most of the time it was a gimmick that failed badly - either was slower than manual methods or just inaccurate.

  5. Nothing new by CanEHdian · · Score: 5, Funny

    I knew this long ago... I just asked "Siri, what protocols are you using to communicate with your server?"

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
  6. Command: by PowerCyclist · · Score: 5, Funny

    "Siri, Don't sue. Confirm.", Siri, "I'm afraid I can't do that Dave."

  7. Re:So it's remote? by muon-catalyzed · · Score: 5, Insightful

    The most alarming fact, for me, is that they are sending all my speech data over the Internet to some enormous Cloud database. Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.

  8. Re:So it's remote? by mo · · Score: 5, Insightful

    Speech recognition isn't too CPU intensive, but it's *massively* memory intensive. It's not unreasonable for speech recognition engines to eat up a gig of ram, and the 4S only has 512mb. However, push it to a server with lots of ram and it can handle lots and lots of simultaneous speech recognition queries. It's tailor made to be a server-side task. At least until phones have gigs of free memory that aren't needed.

  9. Re:So it's remote? by amiga3D · · Score: 5, Insightful

    What? I think that may be the primary purpose of Siri in the end. Only a small minority give a crap about security anyway.

  10. Re:So how many times .. by Bill+Dimm · · Score: 5, Funny

    I asked Siri that question, and it responded: "You've already asked one time too many." It then displayed a map showing me how to get to Mexico.

  11. A lesson in client/server security by AndrewStephens · · Score: 5, Interesting

    TFA is actually pretty interesting:

    As you know, the “S” in HTTPS stands for “secure”: all traffic between a client and an https server is ciphered. So we couldn’t read it using a sniffer. In that case, the simplest solution is to fake an HTTPS server, use a fake DNS server, and see what the incoming requests are. Unfortunately, the people behind Siri did things right: they check that guzzoni’s certificate is valid, so you cannot fake it. Well they did check that it was valid, but thing is, you can add your own “root certificate”, which lets you mark any certificate you want as valid.

    Some Apple software (parts of iTunes) goes further and checks that the certificate presented by the server is actually signed by Apple. If the Siri software did this then the server would be impossible to fake man-in-middle-wise without hacking the client itself. Just checking that the certificate is valid is pretty useless protection - any certificate could be valid, what you care about is whether the server is who it says it is.

    --
    sheep.horse - does not contain information on sheep or horses.
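
An added example (not from the comment, TFA, or Apple's software) of the extra check the comment above argues for: after the usual chain and hostname validation, the client also compares the server certificate with a pinned fingerprint, so a certificate that is merely "valid" under a user-installed root is rejected. The function names, the constructed byte strings standing in for DER certificates, and the choice of leaf-fingerprint pinning (rather than checking the issuer, as the comment says iTunes does) are assumptions for illustration.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Server certificate validated against the trust store but is not the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pins) -> bool:
    """True only if the certificate's fingerprint is in the pinned set."""
    fp = fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p.lower()) for p in pins)


def connect_pinned(host: str, pins, port: int = 443, timeout: float = 10.0) -> str:
    """Open a TLS connection, then enforce the pin before any data is sent."""
    # Step 1: normal validation. This trusts every root in the device store,
    # including any root the device owner has added.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Step 2: identity check that the trust store cannot influence.
            der = tls.getpeercert(binary_form=True)
            if not is_pinned(der, pins):
                raise PinMismatch(f"unexpected certificate {fingerprint(der)}")
            return tls.version()


# Constructed stand-ins for DER certificates (not real certificates).
GENUINE_DER = b"constructed: certificate the service operator deployed"
SUBSTITUTE_DER = b"constructed: certificate chaining to a user-added root"
PINS = frozenset({fingerprint(GENUINE_DER)})


def demo():
    """Both certificates would pass step 1; only the genuine one passes the pin."""
    return is_pinned(GENUINE_DER, PINS), is_pinned(SUBSTITUTE_DER, PINS)
```

Pinning the leaf certificate means the pin set has to be updated whenever the server certificate is renewed; shipping a backup pin alongside the current one avoids locking clients out.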
  12. Re:Really? by mug+funky · · Score: 5, Funny

    planes have wifi these days.

    in other news, you're no longer allowed to smoke.

  13. Re:The scam of Siri by Shadowruni · · Score: 5, Funny

    Crickey! Loo' at that. We're very lucky! You almost never see a four digit this far from its native habitat of lurking. Ah she's a beaut!

    --
    "Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
  14. Re:Win for Xiph (and open source) by bhcompy · · Score: 5, Insightful

    Yet the music player still doesn't support Ogg Vorbis.

  15. Re:Slightly less impressed by _xeno_ · · Score: 5, Informative

    Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to Siri.

    Yep. It's extremely annoying, actually, because Siri replaces the existing voice commands. So doing something like "call brother" - which used to take maybe a half second - takes a good three seconds or so of lag time. More annoying are things like "play playlist driving songs" - first you have to wait for the three seconds round-trip processing, then you have to wait for the iPhone to decide which playlist that matches ("Looking for playlist driving songs," Siri says), then you have to wait for her to narrate "playing playlist driving songs" before the music actually starts.

    Compare to the previous, non-Siri version:

    "Play playlist driving songs."
    (half-second pause) "Playing playlist driving songs." (music starts)

    Yay progress. About the only thing I use Siri for is asking dumb questions and seeing what responses I get. For actual voice controls, it's - well, not useless, exactly, just obnoxiously slow.

    --
    You are in a maze of twisty little relative jumps, all alike.
  16. Re:The scam of Siri by Shadowruni · · Score: 5, Funny

    Crickey! Will you loo' at that. We're so very lucky! You almost never see a four digit this far from its native habitat of lurking an' she's being stalked by this five digit that's almost as rare. It's times like this I'm gla' I don't work with lizards that might eat me! //Window seat please...

    --
    "Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
  17. Re:Slightly less impressed by Swanktastic · · Score: 5, Funny

    Haha! They fooled you too. The dirty little secret is that Siri is actually a nice old lady in Delhi.

  18. Re:Slightly less impressed by CharlyFoxtrot · · Score: 5, Informative

    So turn it off: "If you wish to use Voice Control while you are not connected to the Internet, turn Siri off from Settings > General > Siri. Make sure to turn Siri back on when you have Internet connectivity and you wish to use it again."

    --
    If all else fails, immortality can always be assured by spectacular error.