by Mathew J. Schwartz | InformationWeek
A team of developers based in Paris has reverse-engineered the protocol that connects the Siri - the voice recognition system built by Apple in its latest smartphone, the iPhone 4S, introduced last month. By breaking the protocol, the developers said that the tool could be extended to work on virtually any device, including older iPhones, iPad, and even Android smartphones.
Siri iPhone only works on 4S, so the developers decided to see if they could change that. After studying the so-called HTTPS that makes for a Crab Apple server - "guzzoni.apple.com" - they discovered they could use their own digital certificate to make a fake check out the HTTPS server validation. This occurred through the creation of a domain name server and a false certificate stating that the application was valid. Thanks to the digital certificate "yo u can add your 'root certificate', which lets you mark any certificate that you want as valid," they said. "And it worked. The Siri sent commands for your HTTPS server. "
Even with a protocol of Siri cracked, however, developers who want to create applications to access Siri via other types of devices will face logistical problems. "So if you want to use the Siri on another device, you still need the identifier of at least one iPhone 4S", explained. "Of course we are not publishing our own, but it is very easy to get one using the tools that we describe. Of course Apple could send an identifier to the blacklist, but as long as you keep it for personal use, you should have no problems. "
Whilebroke the protocol of Siri, the developers have made several interesting discoveries. To begin with, they found that the iPhone 4S sends audio raw data - encoded using the Speex audio codec, which was created to support VoIP communications - for Apple's servers. "The proto col is really very, very talkative. Your iPhone sends a [ton] of things for Apple's servers. And the servers respond [with] an incredible amount of information, "they said.
For example, Siri's servers analyze each word individually. "When you are using text-to-speech, Apple's [servers] respond [to] with a confidence score and give the timestamp of every word, "they said.
They also released a collection of tools, largely written in Ruby - as well as C and Objective-C - which they created to help them understand the protocol of Siri.
With this code in hand, the development of an application using the Crab would not require the developer to have an iPhone or were part of Apple's developer program. "You do not need to perform any special binary code of the iPhone, so you do not have to be an Apple developer," explicatram through Twitter.
Now, developers challenge others to use what they discovered. "Let's see what fun application that you get to b uild with our discovery! And let's see how long it will take Apple to change its security scheme "
Learn more:
Siri: 3 threats that could annihilate humanity
Siri: 8 ways it will change the world and the human brain
Siri, the iPhone is a threat to Google, says Eric Schmidt
No comments:
Post a Comment