We told you yesterday about some serious development in Siri Hacking, well it looks like it is about to go to the next level.
Mobile development firm Applidium have published a protocol hack for Siri, Apple’s mobile voice recognition personal assistant.
The developers have said this hack has enabled them to use Siri’s recognition engine on any device and that all the device needs is an app to use the service. All this has happened little more than a month after Apple launched iOS 5 with Siri software on its iPhone 4S.
Developers were able to open up the HTTP protocol that Siri uses to communicate with a remote server.This is the server that Siri relies on to process commands over a 3G or Wi-Fi connection, so it is perfectly possible it could be ported to other devices, including those running Google’s Android OS.
“Yes, that means anyone could now write an Android app that uses the real Siri,” the firm said in a report posted on its website. “Or use Siri on an iPad! And we’re going to share this know-how with you.”
The developers found Siri’s HTTP traffic by setting up a proxy server and tricking the iPhone 4S to use it. This was when they realised its traffic was TCP based by using tcpdump on a network gateway. This revealed a certificate that showed Siri was talking to a server named guzzoni.apple.com over HTTPS.
“Basically all we had to do was to setup a custom SSL certification authority, add it to our iPhone 4S, and use it to sign our very own certificate for a fake ‘guzzoni.apple.com.’ And it worked: Siri was sending commands to your own HTTPS sever,” the company explained. “Seems like someone at Apple missed something!”
Applidium said that Siri’s protocol was “opaque” and “very chatty” after further reverse engineering work. “Your iPhone sends a ton of things to Apple’s servers,” it said. “And those servers reply an incredible amount of information. For example, when you’re using text-to-speech, Apple’s server even reply a confidence score and the timestamp of each word.”
Applidium has released a set of tools, written in Ruby, C and Objective-C languages, to understand the protocol. This should be sufficient to allow anyone with the technical know-how to write a Siri-enabled application.
“Let’s see what fun application you guys get to build with it,” the company added. “Let’s see how long it’ll take Apple to change their security scheme.”
Android already has a pretty decent Siri alternative in Iris, however it is still in alpha stages and has a lot of development remaining. This could be used to help with the development of Iris, or as suggested above just go give Android its own Siri.
Let us know your thoughts on our comments below or via our @Gadget_Helpline Twitter page or Official Facebook group.