Breaking Through Siri's Wall
Siri has already been shown to work on the iPhone 4, but Applidium has gone a step further by "delving" into the inner workings of the popular voice assistant. Here's a little taste of what goes on behind Siri:
Tech Crunch - The catch: in the end, anything attempting to communicate with Siri’s backend needs to have a valid iPhone 4S identification string, unique to each 4S. In one-off experiments like this one, spoofing that string with one pulled from an actual 4S is somewhat simple — Apple wouldn’t (/couldn’t) ever really notice.
If someone were to hack together an Android app and distribute it, though, the massive influx of requests all originating from the same unique ID would almost certainly trigger a blacklisting. Unless the app had a massive pool of authentic unique IDs to rotate through, the fishy activity would be pretty easy to discern.
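The blacklisting scenario quoted above, seen from the server side, as an added example that is not from TechCrunch or Applidium: a sliding-window check that flags a device identifier (the X-Ace-Host value) used from too many client addresses or too often. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_REQUESTS = 5                # assumed request ceiling per identifier in WINDOW
MAX_SOURCES = 3                 # assumed distinct client IPs per identifier in WINDOW

# Constructed sample log: ISO timestamp, client IP, device identifier value.
SAMPLE_LOG = """\
2011-11-15T10:00:00 198.51.100.7 device-A
2011-11-15T10:45:00 198.51.100.7 device-A
2011-11-15T10:01:00 203.0.113.5 device-B
2011-11-15T10:01:20 203.0.113.80 device-B
2011-11-15T10:02:05 192.0.2.14 device-B
2011-11-15T10:02:30 192.0.2.200 device-B
2011-11-15T10:05:00 198.51.100.23 device-C
2011-11-15T10:05:10 198.51.100.23 device-C
2011-11-15T10:05:20 198.51.100.23 device-C
2011-11-15T10:05:30 198.51.100.23 device-C
2011-11-15T10:05:40 198.51.100.23 device-C
2011-11-15T10:05:50 198.51.100.23 device-C
2011-11-15T08:00:00 192.0.2.1 device-D
2011-11-15T09:00:00 192.0.2.2 device-D
2011-11-15T10:00:00 192.0.2.3 device-D
2011-11-15T11:00:00 192.0.2.4 device-D
"""

def parse(line):
    ts, ip, device_id = line.split()
    return datetime.fromisoformat(ts), ip, device_id

def find_shared_ids(lines):
    """Return {device_id: reason} for identifiers that look shared."""
    recent = defaultdict(deque)  # device_id -> (timestamp, ip) still inside WINDOW
    flagged = {}
    for ts, ip, device_id in sorted(map(parse, filter(str.strip, lines))):
        q = recent[device_id]
        q.append((ts, ip))
        while ts - q[0][0] > WINDOW:  # drop entries older than the window
            q.popleft()
        sources = {src for _, src in q}
        if len(sources) > MAX_SOURCES:
            flagged.setdefault(device_id, f"{len(sources)} source IPs in window")
        elif len(q) > MAX_REQUESTS:
            flagged.setdefault(device_id, f"{len(q)} requests in window")
    return flagged
```

device-D uses four addresses but hours apart, so the window keeps a roaming phone from being flagged alongside the shared identifier device-B.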
And a short and concise explanation of what Applidium did to prove their theory: (For those more technically inclined, you can take a look at Applidium’s full rundown of the process here.)
Tech Crunch - By connecting Siri to a local router and then dumping data as it came through, they realized that Siri was sending all of its data to a server that we’ll refer to as “Guzzoni”.
All traffic sent to Guzzoni was sent through the HTTPS protocol. With the “S” in HTTPS standing for “Secure”, this traffic wasn’t subject to simple packet sniffing. So they had a new idea: make a fake Guzzoni server, and see what came through on the other end.
After a good bit of ridiculously clever SSL certificate trickery, they got Siri sending commands to their fake server. With each command comes the “X-Ace-Host” string, which appears to be unique to each iPhone 4S.
After figuring out how Apple was compressing (read: not encrypting) the data, Applidium was able to decompress it and parse out a rough sketch of exactly what was being sent (including which audio codec Apple was using), and what Siri expected in return.
Will we ever see Siri running on an Android device? Seems highly likely if it's that simple to exploit.
Source: Tech Crunch