Siri Works Outside iPhone 4S? Crackers Say Yes

A team of Paris-based developers has reverse-engineered the protocol that powers Siri, the voice recognition system incorporated by Apple into its latest iPhone 4S smartphone, introduced last month. By cracking the protocol, the developers said that Siri could conceivably be extended to work on virtually any device, including older iPhones, the iPad, and even Android smartphones.

Siri is the much-lauded voice recognition system that serves as a natural language frontend for various services on an iPhone 4S--from dictating notes and creating new calendar entries to retrieving weather forecasts or restaurant recommendations. To date, however, the technology only officially works on the iPhone 4S.

So developers at Applidium--a Paris-based application development shop that's probably best known for developing the official Paris Metro mobile app--decided to see if they could change that. After studying HTTPS calls that Siri makes to an Apple server--"guzzoni.apple.com"--the developers found that they could use their own digital certificate to fake out the HTTPS server's validation check, by creating a fake domain name server and having it sign their application as being valid. Thanks to having the digital certificate, "you can add your own 'root certificate,' which lets you mark any certificate you want as valid," they said. "And it worked: Siri was sending commands to your own HTTPS sever. Seems like someone at Apple missed something."

[Management and security features make the iPhone 4S an appealing enterprise device. Check out The iPhone 4S: Ready For Business.]

Even with a cracked Siri protocol, however, developers who want to create apps for accessing Siri via other types of devices will face logistical issues. Primarily, any device attempting to use the service will still require an iPhone 4S identifier. "So if you want to use Siri on another device, you still need the identifier of at least one iPhone 4S," said the developers on their blog. "Of course we're not publishing ours, but it's very easy to retrieve one using the tools we've written. Of course Apple could blacklist an identifier, but as long as you're keeping it for personal use, that should be alright."

While cracking the Siri protocol, the developers made several interesting discoveries. For starters, they found that the iPhone 4S sends raw audio data--encoded using the Speex audio codec, which was created to support VoIP communications--to Apple's servers. "The protocol is actually very, very chatty. Your iPhone sends a [ton] of things to Apple's servers. And those servers reply [with] an incredible amount of information," they said.

For example, the Siri servers analyze every individual word submitted. "When you're using text-to-speech, Apple's [servers] even reply [with] a confidence score and the timestamp of each word," they said.

The developers have also released a collection of tools, largely written in Ruby--as well as C and Objective-C--which they created to help them understand the Siri protocol. "Those aren't really finished, but should be very sufficient for anyone technically inclined to write a Siri-enabled application," they said.

With that code in hand, developing Siri-using applications wouldn't require that a developer own an iPhone or be part of the Apple developer program. "You don't need to execute any special binary code on the iPhone, so you don't have to be an Apple developer," said the developers via Twitter.

Now, the developers have challenged others to take what they've done and run with it. "Let's see what fun application you guys get to build with it! And let's see how long it'll take Apple to change their security scheme!"