Basically, the group was able to get Siri to analyze voice inputs that were never spoken through an iPhone. It turns out Siri uses TCP to speak to a server at 18.104.22.168 using port 443. Applidium then logged on to a desktop computer, entered in that IP address, and realized that Apple was returning a server named “guzzoni.apple.com” and that Siri was using HTTPS as its protocol.
Putting it simply, the group then created a fake guzzoni.apple.com address and tricked Siri into sending commands there instead of to Apple’s own server.
Applidium discovered that Siri sends Apple a time stamp for each word spoken, as well as a reply confidence score, and described the software as “very, very chatty.” It is possible to get the software working on an Android device, or any similar gadget, but you’ll need at least one iPhone 4S identifier and some coding know-how.
The hackers published a set of tools that it says can be used by anyone to create Siri-enabled applications and is encouraging fellow hackers to try the tools out and see what they can develop