Siri Works Outside iPhone 4S? Crackers Say Yes - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Siri Works Outside iPhone 4S? Crackers Say Yes

Crackers reverse-engineer Siri Protocol, to extend Apple's voice recognition service to any device, at least on the sly.

A team of Paris-based developers has reverse-engineered the protocol that powers Siri, the voice recognition system incorporated by Apple into its latest iPhone 4S smartphone, introduced last month. By cracking the protocol, the developers said that Siri could conceivably be extended to work on virtually any device, including older iPhones, the iPad, and even Android smartphones.

Siri is the much-lauded voice recognition system that serves as a natural language frontend for various services on an iPhone 4S--from dictating notes and creating new calendar entries to retrieving weather forecasts or restaurant recommendations. To date, however, the technology only officially works on the iPhone 4S.

So developers at Applidium--a Paris-based application development shop that's probably best known for developing the official Paris Metro mobile app--decided to see if they could change that. After studying HTTPS calls that Siri makes to an Apple server--""--the developers found that they could use their own digital certificate to fake out the HTTPS server's validation check, by creating a fake domain name server and having it sign their application as being valid. Thanks to having the digital certificate, "you can add your own 'root certificate,' which lets you mark any certificate you want as valid," they said. "And it worked: Siri was sending commands to your own HTTPS sever. Seems like someone at Apple missed something."

[Management and security features make the iPhone 4S an appealing enterprise device. Check out The iPhone 4S: Ready For Business.]

Even with a cracked Siri protocol, however, developers who want to create apps for accessing Siri via other types of devices will face logistical issues. Primarily, any device attempting to use the service will still require an iPhone 4S identifier. "So if you want to use Siri on another device, you still need the identifier of at least one iPhone 4S," said the developers on their blog. "Of course we're not publishing ours, but it's very easy to retrieve one using the tools we've written. Of course Apple could blacklist an identifier, but as long as you're keeping it for personal use, that should be alright."

While cracking the Siri protocol, the developers made several interesting discoveries. For starters, they found that the iPhone 4S sends raw audio data--encoded using the Speex audio codec, which was created to support VoIP communications--to Apple's servers. "The protocol is actually very, very chatty. Your iPhone sends a [ton] of things to Apple's servers. And those servers reply [with] an incredible amount of information," they said.

For example, the Siri servers analyze every individual word submitted. "When you're using text-to-speech, Apple's [servers] even reply [with] a confidence score and the timestamp of each word," they said.

The developers have also released a collection of tools, largely written in Ruby--as well as C and Objective-C--which they created to help them understand the Siri protocol. "Those aren't really finished, but should be very sufficient for anyone technically inclined to write a Siri-enabled application," they said.

With that code in hand, developing Siri-using applications wouldn't require that a developer own an iPhone or be part of the Apple developer program. "You don't need to execute any special binary code on the iPhone, so you don't have to be an Apple developer," said the developers via Twitter.

Now, the developers have challenged others to take what they've done and run with it. "Let's see what fun application you guys get to build with it! And let's see how long it'll take Apple to change their security scheme!"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/16/2011 | 12:17:22 PM
re: Siri Works Outside iPhone 4S? Crackers Say Yes
Used to work outside of an iPhone for years before, so that isn't so much of a surprise.
User Rank: Apprentice
11/15/2011 | 6:50:07 PM
re: Siri Works Outside iPhone 4S? Crackers Say Yes
So if Siri is sending all of that digitized audio as data, it would be interesting to see just how wasteful the program is with your data plan. Plus, since the cell carriers are already having issues with keeping up with all the data as it is.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll