Applidium, a mobile app company, has supposedly hacked into Siri's intricately-guarded servers and tricked the servers into communicating with a non-Apple device. Yes, you heard right: Siri has been hacked. Apple will likely do everything in their power to thwart these security breaches in the future, but, for now, the hack seems to work.
So how did these merry pranksters manage to gain access to Apple's most popular new feature?
Well, it's a long story. First, Applidium analyzed the iPhone's network data to see how it communicated with remote machines. Within this data, the hackers were able to spot a server that receives voice data and feeds back a response: the Siri server. The server required an encrypted SSSL connection and valid certificate in order to communicate so, naturally, the hackers created a fake one
Applidium was then able to read Siri's conversations flowing between the phone and the servers. They then went about the insanely hard process of trying to understand the conversation, decompressing the data and finding waypoints like headers that marked chunks of data sent from phone to server and the response from server to phone.
Even after all that hard work, its unclear whether a non-iPhone device could ever communicate with Siri's servers without also having an iPhone: Apple still checks to make sure the device it's communicating with has a unique iPhone 4S identifier. Unless someone figures out how to forge this as well, Siri can't actually be used on other devices unless the user has access to one of these codes.
Still, the effort represents a bold breach of Apple's security and could pave the way for future Apple hackers.
0 comments:
Post a Comment