BBC wrote: Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.
Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.
In one scenario outlined by users an MP3 file of voice instructions was used to tell the PC to delete documents.
Microsoft said the exploit was "technically possible" but there was no need to worry.
The firm has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on.
"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.
Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.
Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.
The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.
While speech recognition was a feature of Windows XP, in Vista the use has been widened.
"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.
Hacking Vista: just talk to it
- InnocentBystander
- The Russian Circus
- Posts: 3466
- Joined: 2004-04-10 06:05am
- Location: Just across the mighty Hudson
- FSTargetDrone
- Emperor's Hand
- Posts: 7878
- Joined: 2004-04-10 06:10pm
- Location: Drone HQ, Pennsylvania, USA
InnocentBystander wrote: I think it's safe to say that this isn't a critical exploit, I mean... who even uses speech recognition?
I was just going to ask if anyone used it. I played with an evaluation version of some voice recognition stuff once, but it was faster just to use the keyboard!
I recall a commercial 5-10 years ago, I think it was for Compaq computers, showing a man in an office telling his computer to "Open work file," or some such and it did so. I've never really seen very much promotion since of voice interaction.
- InnocentBystander
- FSTargetDrone
Tolya wrote: Imagine playing Splinter Cell V with a speech recognition engine on...
Lambert: "Fisher, did you format the hard drive?"
Vista: Yes Master!
The one game I ever used voice recognition for was Red Baron 3D. Given that there weren't very many cockpit controls other than starting the engine and maybe firing some rockets, it wasn't all that complicated. But I felt very silly saying "start" or whatever to turn the engine on.
FSTargetDrone wrote: The one game I ever used voice recognition for was Red Baron 3D. Given that there weren't very many cockpit controls other than starting the engine and maybe firing some rockets, it wasn't all that complicated. But I felt very silly saying "start" or whatever to turn the engine on.
It was cool with Dangerous Waters, though. Unless someone walked by when you yelled "Fire one! Fire two!!!" into the microphone
- DPDarkPrimus
- Emperor's Hand
- Posts: 18399
- Joined: 2002-11-22 11:02pm
- Location: Iowa
- Uraniun235
- Emperor's Hand
- Posts: 13772
- Joined: 2002-09-12 12:47am
- Location: OREGON
Tolya wrote: Imagine playing Splinter Cell V with a speech recognition engine on...
Lambert: "Fisher, did you format the hard drive?"
Vista: Yes Master!
Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.
The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
"There is no "taboo" on using nuclear weapons." -Julhelm
What is Project Zohar?
"On a serious note (well not really) I did sometimes jump in and rate nBSG episodes a '5' before the episode even aired or I saw it." - RogueIce explaining that episode ratings on SDN tv show threads are bunk
- InnocentBystander
Clearly, the voice command app has admin privileges.
Destructionator XIII wrote: No, it doesn't. It would run with the same access or less as your user, like any other program you run.
Which is enough to do a whole load of damage; destroy all your user settings, all your documents, and all the files on the hard drive that aren't in user folders or system folders. And all the apps you installed.
- InnocentBystander
Clearly, the voice command app has admin privileges.
Destructionator XIII wrote: No, it doesn't. It would run with the same access or less as your user, like any other program you run.
Praxis wrote: Which is enough to do a whole load of damage; destroy all your user settings, all your documents, and all the files on the hard drive that aren't in user folders or system folders. And all the apps you installed.
Ho man, you're right. Having a virus on your computer could be bad...
%ProgramData% and %ProgramFiles% are protected directories in Vista and cannot be deleted (or even modified) by normal users.
If you have Volume Shadow Services enabled in Vista (requires Enterprise or Ultimate, IIRC) you can also restore recently deleted directories and files in the %UserProfile% directory
- DPDarkPrimus
phongn wrote: If you have Volume Shadow Services enabled in Vista (requires Enterprise or Ultimate, IIRC) you can also restore recently deleted directories and files in the %UserProfile% directory
"Disable Volume Shadow Services"
"Delete My Documents"
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.