Apple Siri Cracked Open, Theoretically Opening It Up To Other Devices Or Even Android

Document Sample
Apple Siri Cracked Open, Theoretically Opening It Up To Other Devices Or Even Android Powered By Docstoc
					                                                                                                                                15/11/2011 05:01
                 bestlaptopbattery.co.uk


                Apple Siri Cracked Open, Theoretically
                Opening It Up To Other Devices Or Even
                Android
                                                                                    that string with one pulled from an actual 4S is
                                                                                    somewhat simple — Apple wouldn’t (/couldn’t)
                Apple Siri Cracked Open, Theoretically Opening                      ever really notice.
                It Up To Other Devices Or Even Android
                                                                                    If someone were to hack together an Android app
                                                                                    and distribute it, though, the massive influx of
                                                                                    requests all originating from the same unique ID
                CloudTags: Siri , Open , Devices , Apple , Android                  would almost certainly trigger a blacklisting. Unless
                , Acer as07b41 battery ,Dell d820 battery , Hp 484170-              the app had a massive pool of authentic unique IDs
                001 battery                                                         to rotate through, the fishy activity would be pretty
                                                                                    easy to discern.
                                         Serving as a stark reminder
                                         that there are people on the               I’d highly recommend reading Applidium’s full run-
                                         Internet who are way, way too              down of the process, but here’s the tl;dr breakdown:
                                         damned clever, the guys over
                                         at the iPhone design/develop-                  • By connecting Siri to a local router and
                                         ment house Applidium claim                       then dumping data as it came through, they
                                         to have cracked open Siri to                     realized that Siri was sending all of its data
                                         take an unsanctioned look at                     to a server that we’ll refer to as “Guzzoni”.
                                         its (her? his?) inner workings.                • All trafic sent to Guzzoni was sent through
                                         In a rare (but quite welcome.                    the HTTPS protocol. With the “S” in HTTPS
                                         I mean, by us. Probably not by                   standing for “Secure”, this traffic wasn’t
                                         Apple) move, they’ve gone on                     subject to simple packet sniffing. So they
                                         to do a rather detailed debrie-                  had a new idea: make a fake Guzzoni server,
                                         fing of how they got through.                    and see what came through on the other
                                                                                          end.
                                     So, what does this mean to                         • After a good bit of ridiculously clever SSL
                                     you? Theoretically, it means                         certificate trickery, they got Siri sending
                that support for Apple’s voice-powered portable                           commands to their fake server. With each
                assistant could be hacked not only onto devices                           command comes the “X-Ace-Host” string,
                like the iPhone 4, but to anything from laptops to                        which appears to be unique to each iPhone
                Android phones as well. As the italics on “theoreti-                      4S.
                cally” imply, though, there’s a bit of a catch.                         • After figuring out how Apple was com-
joliprint




                                                                                          pressing (read: not encrypting) the data,
                The catch: in the end, anything attempting to com-                        Applidium was able to decompress it and
                municate with Siri’s backend needs to have a va-                          parse out a rough sketch of exactly what
                lid iPhone 4S identification string, unique to each                       was being sent (including which audio co-
 Printed with




                4S. In one-off experiments like this one, spoofing                        dec Apple was using), and what Siri expec-



                     http://bestlaptopbattery.co.uk/battery-wiki/apple-siri-cracked-open-theoretically-opening-it-up-to-other-devices-or-even-android



                                                                                                                                               Page 1
                                                                                                                                15/11/2011 05:01
                 bestlaptopbattery.co.uk

                Apple Siri Cracked Open, Theoretically Opening It Up To Other Devices Or Even
                Android


                     ted in return.

                With that process done, Applidium attempted to
                talk to Siri without any iPhone 4S in the equation.
                Their first challenge? Speech-to-text from a laptop
                running a custom script. Sure enough: it worked.
                Siri chewed through the sound file (a recording of
                them saying “autonomous demo of Siri”), didn’t bat
                an eye (as their tool was using their iPhone 4S’ ac-
                tual unique ID), and returned a mountain of data
                detailing what Siri heard and how sure it was about
                each word.

                Incredible. The Applidium guys have provided a few
                tools for others to recreate their steps — but, as it
                currently stands, there’s not much that can be done
                to take this beyond a rather cool proof-of-concept.

                 See Also: Teach Siri to Tweet for Your iPhone 4S
                – How To
joliprint
 Printed with




                     http://bestlaptopbattery.co.uk/battery-wiki/apple-siri-cracked-open-theoretically-opening-it-up-to-other-devices-or-even-android



                                                                                                                                               Page 2

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:20
posted:11/15/2011
language:English
pages:2
Description: Serving as a stark reminder that there are people on the Internet who are way, way too damned clever, the guys over at the iPhone design/development house Applidium claim to have cracked open Siri to take an unsanctioned look at its (her? his?) inner workings.