IntoMobile

Breaking news, information, and analysis on the latest mobile phones and mobile technology

Open NavigationOpen Search
  • Home
  • Platforms
    • iOS / iPhone OS
    • Android
    • Windows Phone
    • BlackBerry OS
  • Hardware
    • New Hardware
    • Tablets
    • Reviews
    • Rumors
  • Carriers
    • AT&T
    • Sprint
    • T-Mobile
    • Verizon
  • Manufacturers
    • Apple
    • Samsung
    • HTC
    • LG
    • Motorola
  • Best VPNs
    • Best VPNs for iPhone
    • Best VPNs for Android

Siri reverse-engineered and its inner workings exposed

November 14, 2011 by Kelly Hodgkins - Leave a Comment

Share on Twitter Share on Facebook ( 0 shares )

The engineers at mobile development company Applidium spent some time tearing apart Siri and discovered what makes her tick. Besides understanding the ins and out of how Siri works, the team figured out a way to hack Siri and let it potentially run on other devices.

While using a proxy server, the team discovered that Apple uses a secure HTTPS connection to talk to a server identified as guzzoni.apple.com. The server required a valid security certificate, but, much to their surprise, a self-signed certificate would work in place of the official Apple one. Once they were able to communicate with Apple’s server,  they were able to figure out what information is sent to Apple and what info is sent back to the phone.

Siri, as the developers uncovered, compresses the audio input and sends the audio stream to the server. The server then uses a variety of identifiers, including the iPhone’s UDID, to recognize a trusted device. Apple in return will send back the processed text to the handset. Piggy-backed on top of this text is extra information like confidence scores and timestamps for each word.

To help others understand Siri, the developers released the tools they used to dissect Siri’s protocol. Now that these tools are in the wild, other developers can use them to do their own study of Siri and hack it to support third-party apps. They could also build a malicious app that would take advantage of the SSL flaw discovered by Applidium.

Of course, this all relies on Apple not shutting down the security hole or blocking access to the UDID. As we have seen in the past, Apple is proactive when it comes to these threats and is quick to shut them down. I assume Apple would respond swiftly to this discovery as well.

[Via Applidium and CNET]

Share on Twitter Share on Facebook ( 0 shares )

Back to top ▴

Back to top ▴

Follow IntoMobile

38k
36k
4k
13k
12k

Most Recent Posts

  • iPhone No Sound: Tips on How to Fix this Common Issue
  • The newest iOS – things you surely did not know
  • Transferring money through mobile: Why digital wallets are the future of commerce?
  • Review: Shine laser light Bluetooth headphones
  • Neptune Suite smart watch with phone and tablet screens killing it at Indiegogo

Get Updates Via E-Mail

  • This field is for validation purposes and should be left unchanged.

About IntoMobile

  • About IntoMobile
  • Contact IntoMobile
  • Send us News Tips
  • Privacy Policy

Social Links

  • IntoMobile on Facebook
  • IntoMobile on Twitter
  • IntoMobile on Google+
  • IntoMobile on YouTube

Copyright © 2006-2021 IntoMobile. All rights reserved.