The engineers at mobile development company Applidium spent some time tearing apart Siri and discovered what makes her tick. Besides understanding the ins and out of how Siri works, the team figured out a way to hack Siri and let it potentially run on other devices.
While using a proxy server, the team discovered that Apple uses a secure HTTPS connection to talk to a server identified as guzzoni.apple.com. The server required a valid security certificate, but, much to their surprise, a self-signed certificate would work in place of the official Apple one. Once they were able to communicate with Apple’s server, they were able to figure out what information is sent to Apple and what info is sent back to the phone.
Siri, as the developers uncovered, compresses the audio input and sends the audio stream to the server. The server then uses a variety of identifiers, including the iPhone’s UDID, to recognize a trusted device. Apple in return will send back the processed text to the handset. Piggy-backed on top of this text is extra information like confidence scores and timestamps for each word.
To help others understand Siri, the developers released the tools they used to dissect Siri’s protocol. Now that these tools are in the wild, other developers can use them to do their own study of Siri and hack it to support third-party apps. They could also build a malicious app that would take advantage of the SSL flaw discovered by Applidium.
Of course, this all relies on Apple not shutting down the security hole or blocking access to the UDID. As we have seen in the past, Apple is proactive when it comes to these threats and is quick to shut them down. I assume Apple would respond swiftly to this discovery as well.