When we told you all about a new jailbreak app claiming to bring Siri to non-4S iDevices yesterday, we were deeply skeptical about its authenticity. We later received confirmation that, yes, the H1Siri app did use some of Apple’s own code and thus was indeed illegal.

As Pete “Plamoni” Lamonica shows in his latest video, questionable legality isn’t the only reason that you shouldn’t be using H1Siri – it could potentially give a third-party control over your iDevice, and with relative ease on their part.

As we warned yesterday, using H1Siri means that you are sending all kinds of personal data through someone else’s servers, meaning that they can either eavesdrop on what is going on with your iDevice, or even take control of it as shown in Pete’s video…

The video shows how easy it would be for a remote SiriProxy server to send SMS messages from your iPhone without your knowledge. Because you have no idea what plugins are being run on the server that Siri is communicating with, you do not know what could be going on behind the scenes.

While Pete’s video shows an SMS being sent to a phone number in his address book, it is theoretically possible to send messages to any number. This means that a compromised SiriProxy sever could have your phone send SMS messages to premium rate numbers, costing you a small fortune in the process.

The moral of this story is a simple one. Do not use a remote SiriProxy server that you do not have control over, because you just do not know what plugins are being run on it. While it may well be safe to use, is it really worth the risk just to use Siri on an iDevice that isn’t an iPhone 4S?

  • it is not work at all

  • Siri isn’t such a big deal anyway, if I don’t like talking to animals then I especially don’t like talking to a device, especially a pretty limited and dumb one…
    Are people THAT busy to write, so they need to talk to their phones? :

    • sometimes people are busy driving… cooking… taking care of the kids..

      your argument is not only invalid but as dumb as you are trying to call siri

  • hey which wallpaper is dt on d iphone showing siri

  • Why would anyone wanna text using my info? I have unlimited everything, I’ll take my chances once they’ve fixed all the bugs. Hmmm ok so it’s wrong to use an apple code on an apple product that I paid for? That doesn’t make any sense. But thanks for your warnings. If they use my info to get a line of credit, I’ll be happy and get a line for myself too!

    • As noted in the article, the texts could still cost you money. Remember all the “text ‘HELP’ to some number to give $5 to whatever” commercials? Someone could effectively set up a line that “donates” $5 to their bank account when you text it. They would then set up a public SiriProxy server (or something similar like what h1siri uses) that is rigged to have people send texts to that number periodically. You might never notice the charge if you have a large cellphone bill that fluctuates from month to month.

      If you’re open to taking the risk, that’s totally fine with me. But I do like to make sure people know what they might be signing up for. That way people know the risks and can determine how to protect themselves.

      • Anonymous

        Wow. ***###slap###*** sorry you just needed that. That made me stupider.

      • I blocked purchase via messages 🙂

  • Yes it is worth the risk. It also proved that Apple lied & continue to say “oh it can’t work on other devices” when it clearly can. Isn’t that worse than this???

    • Joshua McClure

      Apple never said that. Apple said as stated:

      We have decided not support Siri on older iOS devices.

      They did not say it cannot be used with them. They only said that they will not support it.
      FYI

      • That wasn’t what they said at first. They keep changing their story and you’re following it.

      • Wrong. They said it is only supported on the A5 chip. Apple’s a bunch of fucktards. Do they not realize that they could make a fortune just by releasing it on the iPhone 4? I myself would pay upwards of $20 for an update that included Siri on my iPhone 4.

  • I uninstalled it yesterday, I took your advise. This is too compromised and not worth the risk.

    • Siv

      Notice how all the warnings include the word “could”. It could comprise privacy. It could be harmful. It could cause you to restore. It could.

      At the end of the day, think what you will, CD-Team is not malicious. In fact, their very port was leaked. Did you see any posts on their website (cd-team.org) indicating a release? Some beta tester leaked it.

      Those who “bricked” their iPhones are just idiots. All of its so called problems can easily be fixed and if worst comes to worst, they can just restore.

      All the bloggers and big-shot devs are taking a jab at h1siri for one very clear reason. Most of them have an iPhone 4S and dread the notion of losing their Siri exclusivity. Also I imagine they can’t fathom a Chinese team being legit. If h1siri was released by a bunch of Americans, there would be cry of concern. That’s racism at its core.

      • David Alonso Villamizar Lizcan

        ” Most of them have an iPhone 4S and dread the notion of losing their Siri exclusivity.”
        Really?? You sound like Hugo Chavez!! hahahaha

      • It’s more about not knowing who they are and your letting me have access to your device…use it if you want..but if something happens you have at least been warned…

  • Anonymous

    That is a fantastic video
    It explains the down fall of dodgy software very clearly
    Anyone who installs anything like Siri after that video is a numpty
    Loving your work 🙂

  • I have an ipod touch 4g so there isnt so much risk to try it out, i hope they solve the problem with the servers soon im dying to try siri out for more than 2mins

    • There not so much risk … Your email address is log to you, it’s a start on cloning you for anything they want..

  • Anonymous

    Everyone now thinks this is spyware.. Which no one can proof.

    • Joshua McClure

      Um. Yes it has> have you not watched the video or read this page.

      “As we warned yesterday, using H1Siri means that you are sending all kinds of personal data through someone else’s servers, meaning that they can either eavesdrop on what is going on with your iDevice, or even take control of it as shown in Pete’s video…”

      Please explain to me how this is not proof. I would love to here this explanation.lol

      • Anonymous

        I mean that no one can proof that H1SIRI is ACTUALLY spyware. The guy in the video showed that it is possible but it might not be the case that H1SIRI REALLY does that. I know its possible.. We just cant proof that the owners have bad intentions.

      • Zovage is correct. I am not demonstrating that h1siri is malware, I’m demonstrating its potential to BE malware. Anything that doesn’t come with an enforceable privacy policy isn’t something you should consider very carefully before you start sending your private data to them.

        It’s like if you see your friend click on a link in some spam email they received. You would probably inform them that they’re opening themselves up to having their computer compromised. You’re not saying that every link in a spam email is going to harm your computer, you’re just informing them of the risks associated with clicking links in spam.

        That’s what I’m trying to do with this video. I’m letting people know the potential risks. Not saying that every public SiriProxy server or h1siri are actually logging your private data or exploiting your phone. I’m just saying that they CAN do it if they want. So know before ya’ go. 🙂

      • This is what i have been trying to tell everyone. The team is new and we don’t have a way to prove that they will indeed steal our info. We should give them a chance instead of speculate. And yes, i do agree that they could steal our info, just like i agree that they COULD NOT and be an honest team.

      • Anonymous

        You aint god. Noone wants to easedrop through your crappy texts. They just found a way n linked there servers with apple servers. If you know why we couldnt link up before its cause you cant over use the 4s siri key or theyll block it so cd team found a loophole to break into apples servers so we can get in. There servers are just the doorway. Do u guys really belive there going to sift through millions of peoples text messages. I alone send a few hundred a day. I mean come on people. Use that peanut sized thing wedged between your ears n give them koodos

  • I just emailed and texted all my friends to simply delete any spam they receive in my name. They said ok. Great friends I have. Problem solved.

    • Joshua McClure

      That does not solve anything. Just because your friend delete what you send them (which I imagine they’re not going to go through everything you sent and delete any way, but I could be wrong, just saying).
      The proxy “holds” all that information, If the operator wants it too. Having your friends delete what you send them does nothing but delete it from there device. Does not touch the server. That ,makes no sense.

  • iPhone 4s users trust apple servers with all their info. What’s the difference? That H1siri came from China? hmmm. So you’re saying… DON’T TRUST THE CHINESE?? You guys are killing me. I’m out.

    • Joshua McClure

      The idea behind this is that we know who Apple is and they have no reason to steal our info. They have all they want.

      We have no idea who runs this proxy. If someone you dont know asked you to borrow $20, would you do it? The answer is no.

      But if someone you are very close with and trust you are more likely to trust them. Not exactly the same thing but hopefully you get the principle of the matter.

      • Two good friends owe me 160$ hmmm your theory is wrong. LoL hey I honestly am not gonna mess with this. I’m just making my point that apple is greedy just like everyone else I know. Merry Christmas everyone! Let’s go Chinese Dev team!

      • Would you give two strangers 160 dollars?

      • actually replying to alex : he said two good frds ftw:D

    • Anonymous

      Trusting a large respectable company (who not only owns the servers, but made the device you’re using to send data to the servers) and trusting a small unknown group of individuals are two completely different things. It has nothing to do with ethnicity.

  • Joshua McClure

    Ads no, this is not worth the risk. You dont know what proxy and the person running it are capable of and what they’re intentions are.

    • Anonymous

      There intentions are a)getting the siri files on your iphone 4 through a cydia app… Which they did. If you installed them prior to this u would know how much of a pain in the ass that was. And b) getting them working working… Again, they did it… By pulling people through there server that hacked the apple servers is the only way. If any key which is specific to the iphone4 is used for 5 times consecutively its automaticaly blocked, thats the reason none of the hackers who did it prior have been able to distribute it. So they found another way!!!

  • double chin

    Don’t know who to believe nowadays. Just best to stay away from it FOR NOW. Even idownloadblog makes me wonder sometimes. The last time Sebastian Page posted about how he felt about the current state of JBing, that he wasnt sure he wanted to JB his 4s untethered and stuff. And now they’re warning people about this H1siri app. And before u jump on my post, remember this is just my opinion. Maybe I’m paranoid, maybe apple is paying idownloadblog to lead people away from JBing. Maybe idownloadblog is afraid of apple putting the apple police on their asses. Maybe my dang coffee and cigarette is talking to me this morning lol.

  • Everybody is saying what can be done with H1Siri … we know then can do that, but nobody proven that they actually did something like that. I thought you have to prove something before you accuse somebody guilty.
    And BTW, before siri proxy crash there were people trying it, and it was working w/o anything on background, I already checked my usage.

    • Because nothing has happened yet ,it’s ok..lol..

  • So H1siri is evil? Well then hey, so is apple. Much in common. How about SiriOus? Should we tremble in fear everytime we push that lil mic? H1siri is down, period. Keep the repo on your device, when they fix it, just add it again. Easy. Meanwhile we can continue to troll these sites, my knuckles hurt.

    • Ben Smith

      Apple wil put Siri on older devices when the time comes. They are busy fixing thier firmware, as they should, considering it is the backbone of Siri to begin with.

      But what I’m curious is, what about an iPad? The generic wifi iPad 1. How would this fare? Saying don’t use it, sure, but it’s on an iPhone…. What could they really do to the wifi-only iPad?

      • Anonymous

        Apple already said it wont be releasing siri. They shoved a slightly faster processer n a new gadget n selling it as the new thing. There not ganna let it go. N gurentee the newer version of siri wont be available to the 4s when the 5th gen comes out. Makes u just wanna keep dishing out money

  • H1Siri wasn’t supposed to be released, it was leaked by some of the testers. These issues will be fixed. Maybe people need to check there website before posting a bunch of comments that its ruining there device. Again it WASN’T SUPPOSED TO BE RELEASED

    want a good legal port try sirira1n!

  • If you translate CD-Team’s site, there’s some interesting information in the sidebar. It confirms H1Siri was leaked and that the team just had a small server for testing.

    Ad@m

    • Anonymous

      Yea people are shot. Its was what it was, just the pre release version to work out the bugs… N yes it had bugs- and yes they were fixed. Now with all these idiots talking out there ass they might not persue it. This is really the first of its kind attempt. If you need your mom to jailbreak your phone n work out the issues than cry to her cause im sick of hearing it. Otherwise… Roll with it. Props to cd!!!

  • Anonymous

    I just got an email, apparently iDB blocks readers from posting comments. HMMM…sounds like APPLE OWNS iDB?

    • double chin

      I don’t know but iDB has been acting strange lately. Again maybe I’m just paranoid!

      • What do you mean by “been acting strangely”?

      • double chin

        When I learned about iDB, I thought u guys were suppose to be supporting the JB community but lately all I read from u is “I don’t know if I’ll jailbreak even when the untethered comes out”. Such comments lead me to believe u are starting to doubt the people who are working on the jailbreak. I understand it’s just your opinion but your posts make many feel like there won’t be a jailbreak and apple is winning the cat/mouse game. Your posts have big influence on your followers and readers. So I can’t help but to believe that something strange is going on. Maybe apple is sponsoring your website. Maybe I’m wrong but u guys have changed since I started reading your blogs.

    • We only block spammers and insulting or stupid comments. If you’re not one of those commenters, then there is no reason why your comments would be blocked.

  • Anonymous

    rise above censorship

  • How do we know what Apple is doing with our information?

  • I wish i would have known about this earlier! I removed it, my phone was extremely laggy and so i rebooted, booted tethered with redsnow, it seems fine. should i be okay?

  • Anonymous

    Life’s a bitch, no better yet a dumb broad

  • Anonymous

    Wow, some people are stupid and need a siri-ous slap across the face. Next time i decide to speak my credit card information through text or email my social security number ill remember that. Oh my gosh there ganna tell my wife im having sex with her sister cause they can read my texts. Oh no!!! they know were i am, there ganna know i was at the bar in new haven when i was supposta be at work. Freaking moron, the world dont revolve around you. Noone cares about you and if your stupid enough to send private info through text/email too bad. The worse thats ganna happen is there ganna jerk off over that sexy as video that girl sent you. Props to the cd team, cant wait till servers are up n running

  • So.. next question is, why can’t we all just run our OWN Siri proxy just like he is here? Then we can be safe /and/ add additional custom functionality if we’re so inclined. “Release” the software for the proxy and call it a day! No more bitching about security concerns.

    • Ask Apple. Siri is copyrighted by Apple.

  • Anonymous

    У меня вообще зависло и пи..(( Все пробывал и восстановить и прошивку менять ничего не смог( Отдал мастерам сказали сделают( Если у кого произошло напишите как и что вы делали?(плз…

  • Knowing the JB community their will be a more advanced version of Siri that doesnt need Siri code.
    Look at how far they have come with IntelliscreenX and Springtomize.

  • The hackers of H1Siri are from China. You Americans are just jealous because they figure it out sooner than u guys do. Then, making up stories so people will stay away from it. Just saying guys.

  • The hackers of H1Siri are from China. You Americans are just jealous because they figure it out sooner than u guys do. Then, making up stories so people will stay away from it.

  • Anonymous

    I recieved an iPhone 4s as a gift that is network locked so I cannot use it in my country but I would like to use its auth keys to install siri on my iPhone without the use of a proxy server does anyone know if this is possible?