
The ghost in the machine — Inside Siri

It didn’t take long for hackers to crack the Siri protocol and discover exactly how Siri works. The beautiful thing about the hack was that it used a technique Moxie Marlinspike talked about some years back. After forcing all of Siri’s internet traffic through a packet-sniffer, it became apparent that Siri communicates over HTTPS with a server at Apple.

By simply creating a certificate that looks like Apple’s but uses a fake CA which could be installed onto the iPhone, it was simple to trick the iPhone into communicating directly with an internal server. Once this was in place, our hacker friends could get to work on figuring out what information the iPhone sends for each Siri command.

The task actually proved to be more awkward than one would expect. To begin with, Apple makes use of its own proprietary HTTP method, called ACE, in order to communicate. On top of this, the body of the HTTP message is a binary blob, which makes it relatively unclear what is going on inside the communication. Finally, the headers of the HTTP message contain a unique ID which seems tied to the iPhone making the request, most likely to identify the device and prevent unauthorized devices from making use of the service.

After some very intelligent guesswork, it was possible to work out exactly what sort of content gets sent to Apple every time you use Siri. It seems that the binary blob is compressed using the zlib compression library, and ultimately it simply contains a large plist with all of the data that Apple’s servers need in order to process a Siri request. Of course, the information sent in this list will vary depending on the communication.
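As an added example (not Applidium's tooling and not code from the original article), the following Python audits a captured request body in the way the paragraph above describes: it locates the zlib stream inside the binary blob, inflates it, parses the plist and lists every field that would leave the device. The key names, sample values, the 4-byte prefix and the assumption that the stream holds exactly one plist are constructed for this example.

```python
import plistlib
import zlib

def zlib_offsets(blob):
    """Yield offsets whose two bytes form a valid zlib header (deflate + FCHECK)."""
    for i in range(len(blob) - 1):
        cmf, flg = blob[i], blob[i + 1]
        if cmf & 0x0F == 8 and ((cmf << 8) | flg) % 31 == 0:
            yield i

def decode_body(blob):
    """Return (offset, plist) for the first offset that inflates to a valid plist."""
    for off in zlib_offsets(blob):
        try:
            # decompressobj tolerates a stream that has not been finished yet
            data = zlib.decompressobj().decompress(blob[off:])
            return off, plistlib.loads(data)
        except (zlib.error, ValueError):  # false-positive header or not a plist
            continue
    raise ValueError("no zlib-compressed plist found in body")

def flatten(obj, path=""):
    """Yield (path, description) for every leaf so a reviewer sees what is sent."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from flatten(value, f"{path}/{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from flatten(value, f"{path}[{i}]")
    elif isinstance(obj, bytes):
        yield path, f"<{len(obj)} bytes>"
    else:
        yield path, repr(obj)

# Constructed sample: key names, values and the 4-byte prefix are invented here.
SAMPLE_REQUEST = {
    "class": "ExampleSpeechPacket",
    "deviceId": "EXAMPLE-DEVICE-ID",
    "location": {"lat": 0.0, "lon": 0.0},
    "audio": [b"\x00" * 38, b"\x00" * 38],
}
SAMPLE_BODY = b"\x00\x01\x02\x03" + zlib.compress(
    plistlib.dumps(SAMPLE_REQUEST, fmt=plistlib.FMT_BINARY))

if __name__ == "__main__":
    offset, request = decode_body(SAMPLE_BODY)
    print(f"zlib stream starts at byte {offset}")
    for path, desc in flatten(request):
        print(f"{path:20} {desc}")
```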

Generally, when you make a Siri request, all of the magic happens outside of your precious iPhone 4S. The audio content is recorded and then compressed using the Ogg Speex codec, which was developed for VOIP communications. This is then bundled up and sent back to Apple. Apple’s server processing farm performs the voice-recognition on the audio recording and returns the text along with confidence score ratings and timestamps for each word. More than likely, other data such as your GPS co-ordinates is also sent back to Apple for processing.

The hackers at Applidium who have broken the protocol have published their tools on GitHub. What is really cool about their work is that it is possible to record an audio sample on a non-iPhone device, compress it using the Speex codec and then send it off to Apple for processing. Of course, you need your iPhone 4S’ unique identifier in order to do this, but once you’ve got it, you can rig up your old Apple desktop or PC to interface with Siri and do whatever you need it to do.

On the other hand, if you’re like me, the idea that every time you send a text message or email using Siri all of that content routes through Apple’s servers first will send a shiver down your spine. I stopped using Gmail for my personal and company email a long time ago.

Author | Rowan Puttergill: Columnist

Rowan Puttergill is a technology evangelist and software engineer with a long career working in enterprise environments. He brings with him the experience of being the Technical Editor at SA Computer magazine, and a career history as a technical author. He is a huge advocate of open-source technologies, and...
  • Zulu

    What do you use as an alternative to Gmail now? I’ve been looking for something for the longest time, only Gmail is, by far, the “best” service I’ve seen out there (read: free, reliable, and with a great feature set).


  • Rowan Puttergill

    I run my own mail server on a Debian system running on a VPS. Except for the hosting cost, it’s mostly free. The down side is that I need to take care of my own SPAM filtering and backup. It’s not the approach I would expect to see the average user take, but in general I am quite concerned about privacy so I don’t like sharing my mail with 3rd parties. Particularly when they market their service as ‘free’, because you are pretty much guaranteed that they are scouring your mail to sell information on to advertisers etc.

    While the cost of hosting may seem a little crazy when you can use a free service like Gmail, having your own server has a whole load of advantages. On the mail side, I can quickly set up aliases to help manage my mail more effectively and to help obscure my identity from sites that require an email for registration purposes. But there are also things like being able to proxy your internet traffic through an SSH tunnel when on a public network that you don’t trust. It’s also useful for quickly putting large files onto the web for people to download… probably I am just a little bit crazy though.

  • Zulu

    Thanks for that reply, Rowan. I, too, have my own mail server set up, only I can’t stand its interface. I don’t have time to mount the learning curve associated with many of the things you mentioned in your reply; I guess I’m waiting for the open source community to tackle email soon, and present a viable, reliable, user-friendly, free alternative, hopefully sooner than later.

    Until then, it looks like I’m sticking with Gmail for the time being. Not cool, and I hate it, but it’s slim pickin’s if you don’t have the resources to manually carve out your own space (and continue maintaining it too!).

    Again, thanks for the reply, buddy.

  • Rear Admiral Enderle

    > The audio content is recorded and then compressed using the Ogg Speex codec

    Apple uses OGG? That’s funny.

    I don’t make a big deal out of Apple hypocrisy and BS because there is so much of it, but considering the past few years and their battle against OGG in various forms and factors, like in HTML5, this is another one of their ‘do as I say, not as I do’ things.

    What’s next? ODF support from MS?