Hacking Vista: just talk to it

Bounty
Emperor's Hand
Posts: 10767
Joined: 2005-01-20 08:33am
Location: Belgium

Post by Bounty »

BBC wrote:Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.

Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.

In one scenario outlined by users an MP3 file of voice instructions was used to tell the PC to delete documents.


Microsoft said the exploit was "technically possible" but there was no need to worry.

The firm has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on.

"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.

Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.

While speech recognition was a feature of Windows XP, in Vista the use has been widened.

"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

I think it's safe to say that this isn't a critical exploit, I mean... who even uses speech recognition?
FSTargetDrone
Emperor's Hand
Posts: 7878
Joined: 2004-04-10 06:10pm
Location: Drone HQ, Pennsylvania, USA

Post by FSTargetDrone »

InnocentBystander wrote:I think it's safe to say that this isn't a critical exploit, I mean... who even uses speech recognition?
I was just going to ask if anyone used it. I played with an evaluation version of some voice recognition stuff once, but it was faster just to use the keyboard!

I recall a commercial 5-10 years ago, I think it was for Compaq computers, showing a man in an office telling his computer to "Open work file," or some such and it did so. I've never really seen very much promotion since of voice interaction.
Netko
Jedi Council Member
Posts: 1925
Joined: 2005-03-30 06:14am

Post by Netko »

Well, I tested it out for shit and giggles and although slower it is usable as long as you use a good microphone and English. Quite nifty once the computer gets used to your voice.
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

Is this currently the *only* known Vista exploit? Or are there others hanging around from the beta days still?
Tolya
Jedi Council Member
Posts: 1729
Joined: 2003-11-17 01:03pm
Location: Poland

Post by Tolya »

Imagine playing Splinter Cell V with a speech recognition engine on...

Lambert: "Fisher, did you format the hard drive?"

Vista: Yes Master!
FSTargetDrone
Emperor's Hand
Posts: 7878
Joined: 2004-04-10 06:10pm
Location: Drone HQ, Pennsylvania, USA

Post by FSTargetDrone »

Tolya wrote:Imagine playing Splinter Cell V with a speech recognition engine on...

Lambert: "Fisher, did you format the hard drive?"

Vista: Yes Master!
The one game I ever used voice recognition for was Red Baron 3D. Given that there weren't very many cockpit controls other than starting the engine and maybe firing some rockets, it wasn't all that complicated. But I felt very silly saying "start" or whatever to turn the engine on. :D
PeZook
Emperor's Hand
Posts: 13237
Joined: 2002-07-18 06:08pm
Location: Poland

Post by PeZook »

FSTargetDrone wrote:The one game I ever used voice recognition for was Red Baron 3D. Given that there weren't very many cockpit controls other than starting the engine and maybe firing some rockets, it wasn't all that complicated. But I felt very silly saying "start" or whatever to turn the engine on. :D
It was cool with Dangerous Waters, though. Unless someone walked by when you yelled "Fire one! Fire two!!!" into the microphone ;)
DPDarkPrimus
Emperor's Hand
Posts: 18399
Joined: 2002-11-22 11:02pm
Location: Iowa

Post by DPDarkPrimus »

It'd be sweet to use voice commands for some sort of military sim, definitely.

Bark orders to your buddies.
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.
Uraniun235
Emperor's Hand
Posts: 13772
Joined: 2002-09-12 12:47am
Location: OREGON

Post by Uraniun235 »

Tolya wrote:Imagine playing Splinter Cell V with a speech recognition engine on...

Lambert: "Fisher, did you format the hard drive?"

Vista: Yes Master!
Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
"There is no "taboo" on using nuclear weapons." -Julhelm
What is Project Zohar?
"On a serious note (well not really) I did sometimes jump in and rate nBSG episodes a '5' before the episode even aired or I saw it." - RogueIce explaining that episode ratings on SDN tv show threads are bunk
Praxis
Sith Acolyte
Posts: 6012
Joined: 2002-12-22 04:02pm

Post by Praxis »

I do wonder, though... might it be possible to make a virus that feeds commands directly to the voice command app, making it *think* it heard someone say "delete all my documents" without actually saying it? Clearly, the voice command app has admin privileges.
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

It doesn't have full admin rights...
The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
I bet the worst it could do is delete user installed apps and documents (which may or may not be recoverable...)
Praxis
Sith Acolyte
Posts: 6012
Joined: 2002-12-22 04:02pm

Post by Praxis »

Destructionator XIII wrote:
Clearly, the voice command app has admin privileges.
No, it doesn't. It would run with the same access or less as your user, like any other program you run.
Which is enough to do a whole load of damage; destroy all your user settings, all your documents, and all the files on the hard drive that aren't in user folders or system folders. And all the apps you installed.
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

Praxis wrote:
Destructionator XIII wrote:
Clearly, the voice command app has admin privileges.
No, it doesn't. It would run with the same access or less as your user, like any other program you run.
Which is enough to do a whole load of damage; destroy all your user settings, all your documents, and all the files on the hard drive that aren't in user folders or system folders. And all the apps you installed.
Ho man, you're right. Having a virus on your computer could be bad... :P
Beowulf
The Patrician
Posts: 10621
Joined: 2002-07-04 01:18am
Location: 32ULV

Post by Beowulf »

Apps should be installed as the admin, into a system folder. So you don't end up losing that.
"preemptive killing of cops might not be such a bad idea from a personal saftey[sic] standpoint..." --Keevan Colton
"There's a word for bias you can't see: Yours." -- William Saletan
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

%ProgramData% and %ProgramFiles% are protected directories in Vista and cannot be deleted (or even modified) by normal users.

If you have Volume Shadow Services enabled in Vista (requires Enterprise or Ultimate, IIRC) you can also restore recently deleted directories and files in the %UserProfile% directory :D
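
Added example, not part of phongn's post or the original thread: a PowerShell check (assuming PowerShell 3.0 or later) that lists which non-administrative principals hold write or delete rights on the directories named above. The variable names and the choice of which SIDs count as administrative are assumptions of this example.

```powershell
# Added example. Lists "Allow" ACL entries that give non-administrative
# principals write or delete rights on the directories named in the post.
$paths = @($env:ProgramFiles, $env:ProgramData, $env:USERPROFILE)

# Well-known SIDs treated as administrative here (assumption of this example):
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$adminSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Specific rights that let a process alter or remove content.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits that Get-Acl can return unmapped: GENERIC_WRITE and GENERIC_ALL.
$genericBits = 0x40000000 -bor 0x10000000
$mask = [int]$writeRights -bor $genericBits

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($path in $paths) {
    $acl = Get-Acl -LiteralPath $path
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($adminSids -contains $sid) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

        # Resolve the SID to a name for display; keep the SID if that fails.
        try {
            $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $sid
        }
        [pscustomobject]@{
            Path      = $path
            Principal = $name
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Any row reported for a path is a right that a program running as that principal, including one driven by voice commands, could use without an elevation prompt.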
DPDarkPrimus
Emperor's Hand
Posts: 18399
Joined: 2002-11-22 11:02pm
Location: Iowa

Post by DPDarkPrimus »

phongn wrote: If you have Volume Shadow Services enabled in Vista (requires Enterprise or Ultimate, IIRC) you can also restore recently deleted directories and files in the %UserProfile% directory :D
"Disable Volume Shadow Services"

"Delete My Documents"

:P
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.
Netko
Jedi Council Member
Posts: 1925
Joined: 2005-03-30 06:14am

Post by Netko »

System setting changes are a protected function.

Really, the only painful thing here are documents, it can't trash your computer otherwise, not without running into an elevation prompt which it cannot pass with voice commands.

And the scenario to get even document deletion is very contrived.
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

To be fair, the most important stuff on a user's computer typically are the documents.