Siri hacked to work with Spotify, Instagram and other third-party apps

Siri hacked to work with Spotify, Instagram and other third-party apps

Summary: Siri on iOS 7 being used to control home automation devices like the Phillips Hue, and third-party apps like Spotify and Venmo. Installation can be done on any phone within a minute, without jailbreaking.

SHARE:
TOPICS: Apple, iOS, iPhone
7

PennApps Spring 2014 hackathon, the largest university hackathon, produced an exciting Siri hack called GoogolPlex which allows iPhone users to control third-party applications with Siri without jailbreaking. It's the first (and only) Siri hack for iOS 7 that is available right now.

Ajay Patel, Alex Sands, Ben Hsu, and Gagan Gupta, four freshmen in the M&T program at the University of Pennsylvania, developed GoogolPlex after being frustrated with the lack of features in Siri.

GoogolPlex is a hack on Siri (iOS 7 compatible) that allows Siri to integrate with third-party apps and hardware with custom commands like “turn on the lights.” Setup takes a minute and no jailbreaking is required. GoogolPlex already allows you to play songs in Spotify, pay friends through Venmo, Instagram selfies, and control Philips Hue lights with simple voice commands, all through Siri.

Here's the video of the team demoing GoogolPlex:

Some use cases for GoogolPlex include controlling Hue lightbulbs, Spotify, Instagram and Venmo, and the students promise that other third-party apps will be able to integrate with GoogolPlex and allow for their functionality to be accessed through Siri "in the future."

GoogolPlex takes about 20 seconds to set up and involves adding a HTTP Proxy to the iPhone's WiFi settings (http://totally.betterthansiri.com). Here's a video of the setup process:

According to the students the hack uses a Man-In-The-Middle (MITM) exploit to direct Siri requests to a proxy server that spoofs the DNS of Siri's servers so that the student's server receives the request. It then takes the query string from the user and uses natural language processing to understand the command and perform custom actions based upon the request.

Apple has taken a strong stance against such hacks in the past, notably shutting down a similar hack called SiriProxy in July 2012. It remains to be seen how Apple will react to the students innovative hack. Let's hope that Apple realizes that people want to do more than set timers with Siri and expand its functionality and not just shut down the loophole. 

Perhaps Apple needs to hire these guys?

GoogolPlex took third place overall out of over 220 projects and you can try it by going to http://betterthansiri.com from Safari on your iPhone, but you better try it out soon.

Topics: Apple, iOS, iPhone

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Sue

    "Perhaps Apple needs to hire these guys?" -- before or after they sue them?
    Sean Foley
    • They'll hire them before they sue them

      how else are they going to pay the penalty if they don't have a job?
      William.Farrel
      • LOL

        I have been waiting for Apple to sue themselves. Its bound to happen with all the litigation they bring on.
        Sean Foley
  • So can we officially say iOS has a security problem now

    after the recent goto fail issue and various lock screen hacks and other things. I haven't heard of as many problems with android security, except for malicious apps being sideloaded to no name phones in 3rd world countries, and it takes all the heat.
    drwong
    • Not sure it is a security problem

      One must manually add the proxy. Same thing happened when I moved from AT&T to StraightTalk, they walked me through adding a Proxy thus allowing me to do SMS and MMS.
      So, the article is talking with phone in hand a manual proxy change, not an exploit; at least that is how I see it.
      BubbaJones_
      • It has potential to be a security problem

        "Download this useful program" gets a lot of people trusting unverified third-party stuff. It happened with Windows.

        At least in my experience, for an uneducated PC consumer, once you show them, say, VLC, they decide 'ALL free things are safe!'. Cue me coming over a week later to remove a half-dozen 'registry cleaners', 'download accelerators', et al.

        And I can't i imagine that same mindset not happening among smartphone users.
        luke mayson
    • No!

      If you intentionally setup a proxy to relay all of your conversations it is no shock that, that proxy has access to all of the data passed through it. It is like asking if Android is insecure because Google can read the emails passed through their servers. I don't think this is an exploit.
      DougPetrosky