StarDestroyer.Net BBS

BBC wrote:Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.

Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.

In one scenario outlined by users a MP3 file of voice instructions was used to tell the PC to delete documents.

Microsoft said the exploit was "technically possible" but there was no need to worry.

The firm has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on."The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.

Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.

While speech recognition was a feature of Windows XP, in Vista the use has been widened.

"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.

InnocentBystander wrote:I think its safe to say that this isn't a critical exploit, I mean... who even uses speech recognition?

Tolya wrote:Imagine playing Splinter Cell V with a speech recognition engine on...

Lambert: "Fisher, did you format the hard drive?"

Vista: Yes Master!

FSTargetDrone wrote:The one game I ever used voice recognition for was Red Baron 3D. Given that there weren't very many cockpit controls other than starting the engine and maybe firing some rockets, it wasn't all that complicated. But I felt very silly saying "start" or whatever to turn the engine on.

Tolya wrote:Imagine playing Splinter Cell V with a speech recognition engine on...

Lambert: "Fisher, did you format the hard drive?"

Vista: Yes Master!

Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

Destructionator XIII wrote:

Clearly, the voice command app has admin priveledges.

No, it doesn't. It would run with the same access or less as your user, like any other program you run.

Praxis wrote:

Destructionator XIII wrote:

Clearly, the voice command app has admin priveledges.

No, it doesn't. It would run with the same access or less as your user, like any other program you run.

Which is enough to do a whole load of damage; destroy all your user settings, all your documents, and all the files on the hard drive that aren't in user folders or system folders. And all the apps you installed.

phongn wrote: If you have Volume Shadow Services enabled in Vista (requires Enterprise or Ultimate, IIRC) you can also restore recently deleted directories and files in the %UserProfile% directory