Ironically, various hacker groups’ fascination with reverse engineering Apple products seems to be directly proportional to the late Steve Jobs’s obsession with maintaining a closed ecosystem of Apple technology. A group of developers from Applidium recently posted a story that explains how the group was able to crack Siri so that they could run Apple’s virtual assistant on Android or any other device.
Siri Hacked: Apple’s Voice Assistant Cracked, Could Run On Android
To validate their claims, they have released a collection of tools that, according to them, can be used to build Siri-enabled applications on devices that were never authorized to offer the proprietary Apple feature. The tools are written in Ruby, C, and Objective-C.
Deciphering Siri’s Security Protocol
These are the result of painstaking sleuthing into the way Siri communicates with a remote server Apple dedicates to the service. The hackers were apparently able to decipher Siri’s security protocol by setting up their own custom SSL certificate authority and adding it to their iPhone 4S to find out the commands that Siri sends to Apple’s official servers.
It turns out Siri uses TCP to speak to a server at 188.8.131.52 on port 443. Applidium then went to a desktop computer, entered that IP address, and found that the server answering there was named “guzzoni.apple.com” and that Siri was using HTTPS as its protocol.
Putting it simply, the group then created a fake guzzoni.apple.com address and tricked Siri into sending commands there instead of to Apple’s own server.
Finally, after the painstaking process of decompressing the data and trying to understand it, they were able to decipher the audio file being sent to the server and match it with the code that represents Siri’s understanding of the clip.
But it also means that the chances of someone using the findings to mass-produce a Siri app for unauthorized devices are slim, since the hack requires a valid iPhone 4S unique identifier to be sent to the server. That means Apple could easily revoke identifiers that are used an abnormally high number of times, or from an abnormally high number of different locations.
Apple’s server still checks that the device it’s communicating with has a unique iPhone 4S identifier. Unless someone figures out how to forge those identifiers, pirating Siri on another device will require already owning an iPhone 4S or knowing someone who does.
And since Apple might detect and ban iPhone 4S identifiers used for bootleg Siri applications, the trick might put the legitimate iPhone 4S whose identifier you’ve borrowed at risk.
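The revocation heuristic described above (identifiers used abnormally often, or from abnormally many locations) can be sketched as a sliding-window check over request logs. This is an added example, not Apple’s or Applidium’s code; the event format, thresholds, region labels and DEVICE-* identifiers are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log: (unix_seconds, device_identifier, coarse_region).
# How a server would derive the region (e.g. from the source IP) is assumed.
SAMPLE_EVENTS = (
    # One owner, one place, a few requests an hour.
    [(t, "DEVICE-A", "FR") for t in (0, 1200, 2400)]
    # Identifier shared by many clients: bursts from four regions in minutes.
    + [(60 * i, "DEVICE-B", ("FR", "US", "JP", "BR")[i % 4]) for i in range(8)]
    # A traveller: several regions, but spread over days.
    + [(0, "DEVICE-C", "FR"), (90000, "DEVICE-C", "US"), (180000, "DEVICE-C", "JP")]
    # Heavy use from a single region.
    + [(10 * i, "DEVICE-D", "DE") for i in range(7)]
)


def flag_shared_identifiers(events, window=3600, max_requests=5, max_locations=2):
    """Return {identifier: sorted reasons} for identifiers whose usage inside
    any sliding `window` seconds exceeds the request or region limit.
    The default thresholds are illustrative, not values from the article."""
    recent = defaultdict(deque)   # identifier -> (ts, region) pairs still in window
    flagged = defaultdict(set)
    for ts, device_id, region in sorted(events):
        q = recent[device_id]
        q.append((ts, region))
        # Drop requests that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[device_id].add("request_rate")
        if len({r for _, r in q}) > max_locations:
            flagged[device_id].add("location_spread")
    return {d: sorted(reasons) for d, reasons in flagged.items()}


if __name__ == "__main__":
    for device_id, reasons in flag_shared_identifiers(SAMPLE_EVENTS).items():
        print(device_id, "candidate for revocation:", ", ".join(reasons))
```

Counting regions inside a time window, rather than over an identifier’s whole history, keeps a legitimate owner who travels (DEVICE-C) from being flagged alongside an identifier that is in several places at once.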
On the bright side though, if the hackers’ trick can be reproduced, expect Siri to give birth to some interesting voice-recognition offspring in the near future.
Let’s see how long it’ll take Apple to change their security scheme before someone comes up with an Android device running Siri.