
No one is at all concerned that this is a hack?

I know it's interesting stuff, but I'm curious what "rights" Applidium have in publishing this information.

With this information, (if I'm not wrong) it wouldn't take long to simply DDoS Siri...

Or port Siri to Android (effectively stealing IP).

(I have no bias either way, just pointing out, if someone figured out how to reverse engineer dropbox, so you could use their space, without a dropbox account, would we all be going "wow, this is so cool!" or would we be crying out "this is such an irresponsible hack!")



Hacks are admired here, not condemned. Reverse engineering should always be allowed. This information doesn't make it possible to DDoS Siri or port it to Android as each request requires a unique iPhone ID; Apple can easily filter out unauthorized requests.


Maybe you admire them. But I don't. Are we going to hack/crack each other's Apache servers from now on? Or are we going to build businesses that will solve problems for everyone?


A hacker is "[a] person who delights in having an intimate understanding of the internal workings of a system" and this site is called "Hacker News".

And yes, we are going to help each other improve the security of our systems. If we don't, someone malicious will.


"As a result, we are able to use Siri’s recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri!"

Are they just lying then?

Their demo said they got Siri to work with no iPhone involved (in the end).

Also... DDoS would still be effective, no? (the server still has to 'filter')

> Hacks are admired here

You sure about that? A lot of China-bashing happens here based around its 'Hacking' of U.S. targets, I've never seen admiration of such things.


They're not lying. Anyone could write an Android app that uses Siri, but it would require the ID from an iPhone to work, so distributing it would be problematic.


Yeah, unless someone happened to have a huge cache of real device IDs...

http://www.readwriteweb.com/archives/dear_iphone_users_your_...

(I hope the app store magical-vetting-code is smart enough to ensure the new hit app "Somewhat Annoyed Birds" isn't capable of fishing around in the phone for the Siri ID and sending it back to the developer's website along with the high score you just got...)


Why would that be problematic? You write a server that provides clients with an iPhone ID that hasn't been banned from using Siri yet, and then you make the app contact that server to get the ID.

I'm sure Apple would send a nastygram, but they send nastygrams if you scratch your phone and don't get it repaired quickly enough. There is no law against telling other people your phone's serial number. There is no law against sending an HTTP request to an HTTP server for non-malicious reasons. So really, I don't see much of a legal problem.


Where would you get the valid IDs? You can't share the same ID between very many users, or Apple will ban it. You can't buy an iPhone for every user of your Siri app. iPhone users won't willingly give you their IDs. Are you going to somehow obtain and use the IDs of unsuspecting iPhone users without their permission? That is likely illegal and definitely will get you sued and booted from Android Market.


My guess is that Apple will ban an ID after a day or two. My other guess is that you can just keygen the ID.


You are confusing cracking and hacking.


I see, so "cracking" is admired here, "hacking" condemned.

Got it! :)


From the article:

"The iPhone 4S sends identifiers everywhere. So if you want to use Siri on another device, you still need the identifier of at least one iPhone 4S. Of course we’re not publishing ours"


> 'No one is at all concerned that this is a hack?'

You're asking that on a site called 'Hacker News' if I'm not mistaken. It is indeed a 'hack', a clever and skilled exploration of technology carried out with perfectly good or neutral intent.


That's right, Hacker News is about compromising security and cracking software.... How did I miss that all this time?

My initial post (which has been down voted out of existence) is a valid point.

I don't actually care whether Apple get hacked or not. I was curious what people thought of publishing a 'hack/crack' like this.

Lots of rationalising going on, but to me it still seems wrong. I'd hate people to leverage my work (even for 'personal use') without my permission. Interesting how 'hackers' are happy to hack other people's stuff, but cry out when it's their own stuff getting hacked.


The "hacker" part of the title is ironic. Any hacker news here is purely accidental.


Anyone with Wireshark or tcpdump could have already seen what IP address the Siri client communicates with.

Any competitors jealous of Siri aren't learning too much to find out that the client uses HTTP, compression, and binary payloads in what it sends over the wire to the Siri service - the magic is server-side. The client has to communicate with the service somehow.


> No one is at all concerned that this is a hack?

> I know it's interesting stuff, but I'm curious what "rights" Applidium have in publishing this information.

In the United States, reverse engineering is entirely lawful. It is even made explicitly clear in the DMCA that reverse engineering is allowed. Which part are you specifically worried the most about?

> With this information, (if I'm not wrong) it wouldn't take long to simply DDoS Siri...

This is just scaremongering. Knowing an IP address is enough to DDoS a server. Are you suggesting that it's somehow unethical to independently publish the location of a publicly-available server? Are you also going to indict the DNS server that gave it to them?

> Or port Siri to Android (effectively stealing IP).

Theft relates to physical property. I'm not sure what would be stolen here as Apple still controls the Siri server and requires a unique iPhone 4S ID to be used. Again, though, reverse engineering for the purpose of interoperability is legal in the United States. There's no way to frame this as stealing.

> (I have no bias either way, just pointing out, if someone figured out how to reverse engineer dropbox, so you could use their space, without a dropbox account, would we all be going "wow, this is so cool!" or would we be crying out "this is such an irresponsible hack!")

This is a red herring. Your proposed situation suggests a security vulnerability of some kind wherein Dropbox hypothetically allowed someone access without paying. No such vulnerability to Siri was found; all requests to the Siri server were made using a valid phone id and returned valid, official responses.

The only thing that's unclear to me is if the anti-circumvention portion of the DMCA extends to technology used but not created by the author e.g. Apple did not create SSL but they use it to secure transmission - does this make spoofing an SSL certificate an instance where the DMCA's anti-circumvention law would come into play?


The denizens of Hacker News are not concerned that this is a hack, no.



