Researchers at Applidium have published some interesting findings about the protocol used by Siri. For every request the user makes to Siri, the iPhone 4S sends the compressed audio of the request to servers at Apple to first be converted to text. Then, it is mapped into commands that the iPhone can understand, and then sent back to the device.
This protocol sits on top of HTTPS, and intercepting or spoofing it requires either a valid SSL certificate for guzzoni.apple.com or a way to convince the device to accept your certificate as valid. One must also hijack DNS so that the phone would think guzzoni.apple.com is at an IP address that you control. The post from Applidium covers the details pretty well, so let’s talk about what one could do with this.
I’ll start with the positive and creative things that can be done. In theory, it should be easy to port Siri to any device if you have a valid iPhone 4S ID. Any device capable of recording audio and running an “app” with Internet connectivity should work. This includes laptops, tablets, smartphones, even refrigerators and washing machines.
You can even build your own Siri server for existing Siri capable devices to talk to. This can be utilized for home use for commands like “turn on the light”, or “close the garage door.” This can also be done within a business: imagine integrating such a system with your everyday tools to make workflow voice interactive. Anything you can script, you can ask Siri about.