Siri's security sabotaged, developer releases crack tools

The security protocol that enables Siri to communicate with Apple's servers and return information via speech recognition has been cracked by developer Applidium.

Apple

The security protocol that enables Siri to communicate with Apple's servers and return information via speech recognition has been cracked by developer Applidium.

What does that mean?

In a nutshell, according to Applidium, "anyone could now write an Android app that uses the real Siri!" The technology that Siri uses to communicate with Apple servers is not HTTP, as many developers may suspect. In fact, Apple uses TCP to connect with Siri.

After some more digging, Applidium had discovered the server name and address that Siri uses. After finding the server, a valid certificate was needed. By adding a personal root certificate, Applidium was able to mark any other certificate as valid, including one that could be recognized by Siri's servers.

Next came some complex hacking of various files and packets. Applidium has it all laid out on its blog if you're interested in getting the specifics. What was learned, though, was pretty telling.

Apple uses a VoIP codec called Speex to encode raw audio from Siri and send it to Apple servers. If developers want to use Siri on a non-iPhone 4S device, you'll have to get an iPhone 4S identifier. Specifics are not given on the blog, but the forthcoming crack tools will explain how to do it.

Apple is all-in on Siri's technology. In fact, for every word that the Siri servers respond with, a confidence score and time stamp is included. And that's impressive considering the amount of chatter and information sharing that is done between your iPhone 4S and the Siri servers.

Applidium is working on its crack tools for adding Siri to other devices. Currently, Applidium's crack tools link (here) does not result in a product. Staying tuned to the Applidium blog will likely be the best way to see when these tools are available.

Of course, all of this information is subject to change, as Apple is generally very quick and extremely adept at sealing security concerns, especially when it involves one of its prized products. I expect to see a restructuring of Siri's security protocol in the iOS 5.0.2 update.

Would you like to see Siri on an Android device? Or perhaps on your desktop? Let me know in the comments!

About the author

    Joe is a seasoned Mac veteran with years of experience on the platform. He reports on Macs, iPods, iPhones and anything else Apple sells. He even has worked in Apple retail stores. He's also a creative professional who knows how to use a Mac to get the job done.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Find Your Tech Type

    Take our tech personality quiz and enter for a chance to win* high-tech specs!