Feeds

Coders crack iPhone 4S Siri

Protocol probed

Security for virtualized datacentres

French software developer Applidium claims to have reverse engineered the protocol by which the iPhone 4S' Siri voice assistant talks to Apple's voice recognition and analysis servers.

But don't expect a flood of superior Siri clones on other platforms, or even on other iPhones. Each communication is tied to the sending 4S' unique ID.

With a bit of digital certificate jiggery-pokery, a fake DNS server and the use of Zip decoding, the Applidium team was able to start analysing the binary data.

The upshot: Siri takes the voice recording, encodes it in the Ogg Speex format, Zips it, encrypts it and sends it to the server guzzoni.apple.com for decoding and analysis.

Says the Applidium team: "The protocol is actually very, very chatty. Your iPhone sends a ton of things to Apple’s servers. And those servers reply an incredible amount of informations. For example, when you’re using text-to-speech, Apple’s server even reply a confidence score and the timestamp of each word."

Applidium has even posted a sample: the speech it sent to Apple's Siri servers - not from an iPhone 4S, though - and the XML data returned by the speech-to-text operation.

Applidium has uploaded the tools it created and used to crack Siri, but - understandably - it's not providing the iPhone 4S ID it used. We'd expect Apple to be able to spot near-simultaneous Siri requests from the same device in many, many different locations and block the device ID.

If it hasn't implemented such a trick it certainly will soon. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Monitors monitor's monitoring finds touch screens have 0.4% market share
Not four. Point four. Count yer booty again, Microsoft
Hey, Mac fanbois. HGST wants you drooling over its HUGE desktop RACK
What vast digital media repository could possibly need 64 TERABYTES?
In a spin: Samsung accuses LG exec of washing machine SABOTAGE
Rival electronic giant tries to iron out allegations
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.