It’s been a trying month for Apple’s security team: First, a researcher pokes a hole in the company’s tight control of its App Store. And now another group of hackers claim they’ve cracked its newest crown jewel and Google killer, the voice command and search tool Siri, to run on any device–potentially even Google’s.
“Today, we managed to crack open Siri’s protocol,” reads a blog post by a group of French security researchers and consultants at the Paris-based firm Applidium. “As a result, we are able to use Siri’s recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we’re going to share this know-how with you.”
Applidium’s hack hasn’t been independently verified, and the researchers didn’t immediately respond to my call asking for more information on their work. But they posted a test file they say they produced by speaking into their own version of Siri running autonomously, not on an iPhone, a demonstration that they’ve lifted the protocol from its exclusive home on the iPhone 4S and could implement it elsewhere–albeit with some limitations that will make the trick tough to reproduce on a mass scale, and likely very short-lived.
Applidium’s researchers say they began their hack by sniffing the iPhone’s network data to watch how it communicated with any remote machines–sure enough, they spotted the server that crunches the voice data from the phone’s Siri protocol and feeds back a response. But the application used an encrypted SSL connection, and checked that the server it communicated with presented a valid certificate, the digitally signed credential meant to establish that the machine on the other end of a connection is the machine it claims to be–in this case, an Apple server called “guzzoni.apple.com.”
But SSL is notoriously fraught with implementation problems, and Applidium exploited one: It set up its own custom certificate authority and used it to spoof a fake “guzzoni.apple.com” server, which was then able to receive and decrypt all of the Siri communications between their iPhone 4S and what the device thought was a real Apple server. “Seems like someone at Apple missed something!” the researchers write.
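The check described above, a certificate for “guzzoni.apple.com” issued by a certificate authority the researchers controlled, is exactly the case that public-key pinning is designed to catch. The Python below is an added illustration and is not Applidium’s tooling or Apple’s code: certificates are modelled as simple records with constructed key bytes, the names “Apple Root CA”, “Apple Server CA” and “Custom Test CA” are placeholders, and an issuer-name link stands in for signature verification. It shows that an ordinary trust-store check accepts the rogue chain as soon as the custom CA is present in the device’s trust store, while a client that pins the expected SPKI hash rejects it regardless of what the trust store contains.

```python
import base64
import hashlib
from dataclasses import dataclass

# Added illustration, not Applidium's tooling or Apple's code. Certificates are
# modelled as small records whose "spki" field is a constructed stand-in for the
# DER SubjectPublicKeyInfo; an issuer-name link stands in for a signature check.


@dataclass(frozen=True)
class Cert:
    subject: str   # hostname or CA name
    issuer: str    # subject of the certificate that signed this one
    spki: bytes    # constructed stand-in for the public key bytes
    is_ca: bool = False


def spki_pin(cert):
    """HPKP-style pin string: 'sha256/' + base64(SHA-256(SPKI))."""
    digest = hashlib.sha256(cert.spki).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def chain_is_valid(leaf, presented, trust_store, hostname):
    """What an ordinary TLS client checks: the name matches and the issuer
    chain ends at a CA in the local trust store. Any root that has been
    installed into that store is trusted exactly like the built-in ones."""
    if leaf.subject != hostname:
        return False
    cert = leaf
    for _ in range(8):  # real chains are short; bound the walk
        if cert.issuer in trust_store and trust_store[cert.issuer].is_ca:
            return True
        if cert.issuer == cert.subject:
            return False  # self-signed root that is not in the store
        cert = presented.get(cert.issuer)
        if cert is None or not cert.is_ca:
            return False
    return False


def pin_is_valid(leaf, presented, pins):
    """Pinning: some certificate the server presents must carry a pinned
    SPKI hash. The trust store never enters into it, so an extra root
    installed on the device changes nothing."""
    cert, seen = leaf, set()
    while cert is not None and cert.subject not in seen:
        if spki_pin(cert) in pins:
            return True
        seen.add(cert.subject)
        cert = presented.get(cert.issuer)
    return False


HOST = "guzzoni.apple.com"

# Constructed key material: arbitrary bytes, not real keys. Placeholder names.
APPLE_ROOT = Cert("Apple Root CA", "Apple Root CA", b"root-key-0001", is_ca=True)
APPLE_INT = Cert("Apple Server CA", "Apple Root CA", b"intermediate-key-0002", is_ca=True)
GENUINE = Cert(HOST, "Apple Server CA", b"guzzoni-key-0003")
ROGUE_CA = Cert("Custom Test CA", "Custom Test CA", b"custom-ca-key-0004", is_ca=True)
ROGUE_LEAF = Cert(HOST, "Custom Test CA", b"custom-leaf-key-0005")

GENUINE_CHAIN = {APPLE_INT.subject: APPLE_INT}     # intermediates sent by the server
ROGUE_CHAIN = {ROGUE_CA.subject: ROGUE_CA}
STOCK_STORE = {APPLE_ROOT.subject: APPLE_ROOT}     # device trust store as shipped
STORE_WITH_ROGUE_CA = {**STOCK_STORE, ROGUE_CA.subject: ROGUE_CA}  # custom CA installed

# Pin the genuine leaf key plus the intermediate as a backup pin.
PINS = {spki_pin(GENUINE), spki_pin(APPLE_INT)}


def verdict(leaf, presented, trust_store):
    """Return (chain_ok, pin_ok); a pinned client requires both to be True."""
    return (chain_is_valid(leaf, presented, trust_store, HOST),
            pin_is_valid(leaf, presented, PINS))


if __name__ == "__main__":
    print("genuine, stock store:       ", verdict(GENUINE, GENUINE_CHAIN, STOCK_STORE))
    print("rogue, stock store:         ", verdict(ROGUE_LEAF, ROGUE_CHAIN, STOCK_STORE))
    print("rogue, custom CA installed: ", verdict(ROGUE_LEAF, ROGUE_CHAIN, STORE_WITH_ROGUE_CA))
```

The third case is the one in the article: the rogue leaf carries the right hostname and chains to a CA the device now trusts, so the trust-store check passes, but no certificate in that chain matches a pinned key, so a pinned client refuses the connection. Pinning the intermediate as a backup lets Apple rotate the leaf key without shipping a client update.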
Once they could read Siri’s conversations flowing back and forth between the phone and the server, Applidium went about the painstaking process of trying to understand it, decompressing the data and finding waypoints like headers that marked a chunk of data sent from phone to server and the response to that chunk from server to phone. Finally they were able to decipher the audio file being sent to the server and match it with the code that represents Siri’s understanding of the clip.
Those unlucky readers without the iPhone 4S who have coveted Siri shouldn’t rejoice quite yet. The technique comes with a major caveat: Apple’s server still checks that the device it’s communicating with has a unique iPhone 4S identifier. Unless someone figures out how to forge those identifiers, pirating Siri on another device will require already owning an iPhone 4S or knowing someone who does. And since Apple might detect and ban iPhone 4S identifiers used for bootleg Siri applications, the trick might put at risk whichever legitimate iPhone 4S’s identifier you’ve borrowed.
Apple, which didn’t immediately respond to my request for comment, will also no doubt change its security scheme to prevent this kind of reverse engineering in short order, though other hackers are sure to follow in Applidium’s footsteps now that the task of hijacking Siri seems to have been shown to be possible. In the meantime, Applidium has made its tools available to the general public on GitHub.
If the hackers’ trick can be reproduced, expect Siri to give birth to some interesting voice-recognition mongrels in the near future.
Via: Forbes