Siri is one of the iPhone 4S and iOS5's most praised new features, but anyone without a brand new smartphone from Apple has been missing out.
Because it's connected to a server and not just a piece of internal software, Siri can essentially learn and improve. It is continually updating and gathering new information, enhancing its functionality and learning an individual users preferences constantly.
The designers at Applidium have figured out how to crack the personal assistant application to make it available on other devices, such as the Android smartphone and the iPad.
The easiest way to sniff HTTP traffic is to setup a proxy server, configure your iPhone to use it, and look at what goes through the proxy, the Paris-based company explained.
By speculating and backtracking how Siri works, it determined that Siri communicates with a server called guzzoni.apple.com, which can be found at the secure Web site https://22.214.171.124/.
Basically all we had to do was to setup a custom SSL certification authority, add it to our iPhone 4S, and use it to sign our very own certificate for a fake “guzzoni.apple.com”. And it worked : Siri was sending commands to your own HTTPS sever! Seems like someone at Apple missed something! Applidium said.
The company also made a number of discoveries about the inner workings of Siri, including:
- The iPhone 4S really sends raw audio data. It’s compressed using the Speex audio codec, which makes sense as it’s a codec specifically tailored for VoIP.
- Siri and the Apple servers sends more than just words. An incredible amount of data get sent to Apple with each Siri use, including time stamps and accuracy grades for all text-to-speech words.
- To use Siri on another device, one needs to have the identfier of at least one iPhone 4S.
(All iPhones and iPod Touch have a Unique Device Identifier, 40 letters and numbers long that is specific to an individual device. Your existing indentifier can be found via the App Store or through iTunes.)
Detailed instructions and tools for cracking Siri can be found on Applidium's blog.
contact Daniel Tovrov at firstname.lastname@example.org