Forgot Your Password?
Siri Running On Android ?
 posted  November 16th 2011 at 10:05 AM
It's been a trying month for Apple's security team: First, a researcher pokes a hole in the company's tight control of its App Store. And now another group of hackers claim they've cracked its newest crown jewel and Google Killer, the voice command and search tool Siri, to run on any device potentially even Google's.

Today, we managed to crack open Siri's protocol, reads a blog post by a group of French security researchers and consultants at the Paris-based firm Applidium. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we?re going to share this know-how with you.

Applidium?s hack hasn't been independently verified, and the researchers didn?t immediately respond to my call asking for more information on their work. But they posted a test file they say was produced by speaking into their own version of Siri running autonomously, not on an iPhone, a demonstration that they?ve lifted the protocol from its exclusive home on the iPhone 4S and could implement it elsewhere?albeit with some limitations that will make the trick tough to reproduce on a mass scale, and likely very shortlived.

Applidium?s researchers say they began their hack by sniffing the iPhone?s network data to watch how it communicated with any remote machines?sure enough, they spotted the server that crunches the voice data from the phone?s Siri protocol and feeds back a response. But the application used an encrypted SSL connection, and checked to see that the server it communicated with showed a valid certificate, the digital signatures that are meant to determine that a machine talking to another machine is the machine it says it is?in this case, an Apple server called '

But SSL is notoriously fraught with implementation problems, and Applidium exploited one: It set up its own custom certificate authority and used it to spoof a fake server, which was then able to receive and decrypt all of the Siri communications between their iPhone 4S and what the device thought was a real Apple server. Seems like someone at Apple missed something!? the researchers write.

Read More
  No comments    





Add new Comments
  Copyright © 2009 -2010   About Us