×
Trending
Kobo introduces its first-ever colour e-readers with prices starting at S$229.90
Kobo introduces its first-ever colour e-readers with prices starting at S$229.90
New submarine cable system connects Singapore and Vietnam, starting in 2027
New submarine cable system connects Singapore and Vietnam, starting in 2027
Google is bringing AI editing features to more Google Photos users for "free"
Google is bringing AI editing features to more Google Photos users for "free"
News
News Categories
AV SystemsBluetooth HeadsetsCasingsCoolersCPUDigital PaymentsExternal StorageGames & GearGraphics CardsHard Disk DrivesHeadphonesInkjet PrintersLaser PrintersMedia Streamers and HubsMemoryMobile PhonesMotherboardNASNetworkingOptical DrivesPortable Media PlayersPower Supply UnitsProjectorsSmartphones & TabletsSolid State DrivesSpeakersTabletsTelcoTelevisionsDesktop SystemsEsportsNetworking & TelcoNotebooksToys & CollectiblesWearablesInput DevicesMonitorsMovies & ShowsPhotographyPrintersStorageApps & SoftwareInternet, Cloud, eCommerceComputingPC ComponentsAudio & VisualGaming & Entertainment CultureBlu-ray PlayersSmart LivingSmart Living & LifestyleAutomotive TechScience & TechTravel & AviationBiz & SME TechOthers

Breaking Through Siri's Wall

By Wong Casandra - on 15 Nov 2011, 10:36am

Breaking Through Siri's Wall

Credits goes to Lifehacker


Siri has already been shown to work on the iPhone 4, but Applidium has gone a step further by "delving" into the inner workings of the popular voice assistant. Here's a little taste of what goes behind Siri:

Tech Crunch - The catch: in the end, anything attempting to communicate with Siri’s backend needs to have a valid iPhone 4S identification string, unique to each 4S. In one-off experiments like this one, spoofing that string with one pulled from an actual 4S is somewhat simple — Apple wouldn’t (/couldn’t) ever really notice.

If someone were to hack together an Android app and distribute it, though, the massive influx of requests all originating from the same unique ID would almost certainly trigger a blacklisting. Unless the app had a massive pool of authentic unique IDs to rotate through, the fishy activity would be pretty easy to discern.

And a short and concise explanation of what the Applidium did to prove their theory: (For those more technically inclined, you can take a look at Applidium’s full rundown of the process here.)

Tech Crunch - By connecting Siri to a local router and then dumping data as it came through, they realized that Siri was sending all of its data to a server that we’ll refer to as “Guzzoni”.

All trafic sent to Guzzoni was sent through the HTTPS protocol. With the “S” in HTTPS standing for “Secure”, this traffic wasn’t subject to simple packet sniffing. So they had a new idea: make a fake Guzzoni server, and see what came through on the other end.

After a good bit of ridiculously clever SSL certificate trickery, they got Siri sending commands to their fake server. With each command comes the “X-Ace-Host” string, which appears to be unique to each iPhone 4S.

After figuring out how Apple was compressing (read: not encrypting) the data, Applidium was able to decompress it and parse out a rough sketch of exactly what was being sent (including which audio codec Apple was using), and what Siri expected in return.
 

Will we ever see Siri running on an Android device? Seems highly likely if it's that simple to exploit.

Source: Tech Crunch

Join HWZ's Telegram channel here and catch all the latest tech news!
android iphone 4s siri
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.