MS Confirms Speech Recognition Flaw

HardOCP News

Here’s one for you. Let’s say you have Speech Recognition turned on, a microphone plugged in and your speakers turned up. Then, you surf a website with a sound file embedded in it that says something to trigger your speech recognition. That is what this whole flap is over. I’m not sure how you should classify this one…well, except for maybe “funny.”

Microsoft’s initial investigation reveals that this vulnerability could allow an attacker to use the speech recognition feature in Windows Vista to verbally execute commands on a user’s computer. The attackers’ commands are limited to the rights of the logged on user. User Account Control prohibits the attacker from executing any administrative level commands.
 
User Account Control prohibits the attacker from executing any administrative level commands.

Much like being logged in as "root" in *nix makes you vulnerable.
 
I don't think anyone should be too concerned about this, and your microphone shouldn't even be pointed at/close to your speakers.

If there's a confirmation feature for when a command is issued, then obviously the attacking audio could say 'Yes.'

However, MS could tweak a confirmation feature and have users configure their own 'confirmation' voice command.

"Run Firefox."
"Command issued: Run Firefox.exe?"
"Booger."
::Firefox opens::
 
Wow that's kinda actually... START. SHUTDOWN. funny, yaknow. I would hate for START. FIREFOX. ADDRESS. W. W. W. DOT. G. O. A. TEA. DOT. SEA. EX. that to happen to me...
 
Yaknow, kidding aside, I could see this as a bandaid for phone tech support.

Miss, please turn on speaker phone and I will complete the setting changes.

Or

Having trouble enabling The Sims on your Windows firewall? No Problem! Just click play here.

I can dream, can't I?
 
Wow, that is great! :D

Should be easy enough to fix (don't do anything that has been played over the speakers), but it is quite funny! :D
 
Should be easy enough to fix (don't do anything that has been played over the speakers)

And how is the software to know the sound is coming from speakers? Monitor the audio device's output? This would be some breakthrough MS patch.

What if another computer is in the room? Wireless phone on speaker phone? What about the attack using the internal speaker?
 
So you're saying it's impossible to have some kind of noise canceling functionality to monitor audio out?
 
So you're saying it's impossible to have some kind of noise canceling functionality to monitor audio out?

This "noise" being another voice that the software picks up? Good luck programming that. It's not filtering out static or crackling.

Either the software's voice recognition is so sensitive to distinguish the user from any other voice without error, or give the user a special confirmation word so that commands cannot be executed by someone who doesn't know it.
 
the New RIAA Website-
If their homepage is left open for 30 minutes, it will search and delete all your MP3 files.:eek:

the new Apple website-
bills you for Apple OSX, then installs it.
 
When I was killing people in Counterstrike my computer heard and called the police.

Fortunately they were all bad people.
 
When I was killing people in Counterstrike my computer heard and called the police.

Fortunately they were all bad people.


I'm really hoping no one eavesdrops on my gaming chatter. I'll be paying obscenity fines 'til doomsday.
 
Let's hope that this is the worst security flaw in Vista! Ya... I know... not likely.

Oh well. It would be funny to return home and hear someone hacking my computer. At least I would know it was happening.
 