Developers crack Siri’s security protocol to enable it with any device


A team of developers called Applidium has announced that they managed to investigate how Siri, exclusive service available on the iPhone 4S, talks to Apple servers. Applidium notes that iPhone 4S uses standard HTTPS network requests to communicate with Apple's servers, but sends data using an "ACE" command rather than regular web GET requests. Moreover, each Siri request involves a unique identifier based on UUID. Such identifier prevents access of unauthorized devices to Apple’s servers. User’s requests are compressed with the Speex audio codec optimized for VoIP. Applidium discovered that iPhone, to provide Siri’s voice recognition, should support at least Siri's basic voice recognition features, but Apple doesn’t plan to port such capabilities on earlier iOS 5 models.

So far, Applidium's investigation has revealed that Siri packages requests in compressed property lists, but further exploration of the protocol is hampered by a number of issues, including the complexity of requests, the fact that they are tied to a hardware key, and that they are subject to change.

Noteworthy, Apple could at any time stop supporting a particular hardware identifier, if it is suspected of being used to exploit its servers, and change way of data transmitting.

Applidium says "anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad!" But you will need a real unique user key of an actual iPhone 4S.

Follow us on Twitter:     

| |


Leave a comment

Leave a Reply

You can login with iPhoneRoot account here.