Feeds

Coders crack iPhone 4S Siri

Protocol probed

Internet Security Threat Report 2014

French software developer Applidium claims to have reverse engineered the protocol by which the iPhone 4S' Siri voice assistant talks to Apple's voice recognition and analysis servers.

But don't expect a flood of superior Siri clones on other platforms, or even on other iPhones. Each communication is tied to the sending 4S' unique ID.

With a bit of digital certificate jiggery-pokery, a fake DNS server and the use of Zip decoding, the Applidium team was able to start analysing the binary data.

The upshot: Siri takes the voice recording, encodes it in the Ogg Speex format, Zips it, encrypts it and sends it to the server guzzoni.apple.com for decoding and analysis.

Says the Applidium team: "The protocol is actually very, very chatty. Your iPhone sends a ton of things to Apple’s servers. And those servers reply an incredible amount of informations. For example, when you’re using text-to-speech, Apple’s server even reply a confidence score and the timestamp of each word."

Applidium has even posted a sample: the speech it sent to Apple's Siri servers - not from an iPhone 4S, though - and the XML data returned by the speech-to-text operation.

Applidium has uploaded the tools it created and used to crack Siri, but - understandably - it's not providing the iPhone 4S ID it used. We'd expect Apple to be able to spot near-simultaneous Siri requests from the same device in many, many different locations and block the device ID.

If it hasn't implemented such a trick it certainly will soon. ®

Internet Security Threat Report 2014

More from The Register

next story
Hi-torque tank engines: EXTREME car hacking with The Register
Bentley found in a hedge gets WW2 lump insertion
What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
You fought hard and you saved and earned. But all of it's going to burn...
Trousers down for six of the best affordable Androids
Stylish Googlephones for not-so-deep pockets
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.