Siri Works Outside iPhone 4S? Crackers Say Yes - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Siri Works Outside iPhone 4S? Crackers Say Yes

Crackers reverse-engineer Siri Protocol, to extend Apple's voice recognition service to any device, at least on the sly.

A team of Paris-based developers has reverse-engineered the protocol that powers Siri, the voice recognition system incorporated by Apple into its latest iPhone 4S smartphone, introduced last month. By cracking the protocol, the developers said that Siri could conceivably be extended to work on virtually any device, including older iPhones, the iPad, and even Android smartphones.

Siri is the much-lauded voice recognition system that serves as a natural language frontend for various services on an iPhone 4S--from dictating notes and creating new calendar entries to retrieving weather forecasts or restaurant recommendations. To date, however, the technology only officially works on the iPhone 4S.

So developers at Applidium--a Paris-based application development shop that's probably best known for developing the official Paris Metro mobile app--decided to see if they could change that. After studying HTTPS calls that Siri makes to an Apple server--""--the developers found that they could use their own digital certificate to fake out the HTTPS server's validation check, by creating a fake domain name server and having it sign their application as being valid. Thanks to having the digital certificate, "you can add your own 'root certificate,' which lets you mark any certificate you want as valid," they said. "And it worked: Siri was sending commands to your own HTTPS sever. Seems like someone at Apple missed something."

[Management and security features make the iPhone 4S an appealing enterprise device. Check out The iPhone 4S: Ready For Business.]

Even with a cracked Siri protocol, however, developers who want to create apps for accessing Siri via other types of devices will face logistical issues. Primarily, any device attempting to use the service will still require an iPhone 4S identifier. "So if you want to use Siri on another device, you still need the identifier of at least one iPhone 4S," said the developers on their blog. "Of course we're not publishing ours, but it's very easy to retrieve one using the tools we've written. Of course Apple could blacklist an identifier, but as long as you're keeping it for personal use, that should be alright."

While cracking the Siri protocol, the developers made several interesting discoveries. For starters, they found that the iPhone 4S sends raw audio data--encoded using the Speex audio codec, which was created to support VoIP communications--to Apple's servers. "The protocol is actually very, very chatty. Your iPhone sends a [ton] of things to Apple's servers. And those servers reply [with] an incredible amount of information," they said.

For example, the Siri servers analyze every individual word submitted. "When you're using text-to-speech, Apple's [servers] even reply [with] a confidence score and the timestamp of each word," they said.

The developers have also released a collection of tools, largely written in Ruby--as well as C and Objective-C--which they created to help them understand the Siri protocol. "Those aren't really finished, but should be very sufficient for anyone technically inclined to write a Siri-enabled application," they said.

With that code in hand, developing Siri-using applications wouldn't require that a developer own an iPhone or be part of the Apple developer program. "You don't need to execute any special binary code on the iPhone, so you don't have to be an Apple developer," said the developers via Twitter.

Now, the developers have challenged others to take what they've done and run with it. "Let's see what fun application you guys get to build with it! And let's see how long it'll take Apple to change their security scheme!"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll