February 6, 2007

Oh, this takes the cake. Talk about an exploit you can drive a truck through. The funny part is that it can be done very easily. I have to post this one in full:

Vista has speech recognition hole


Microsoft has admitted that speech recognition features in Vista could
be hijacked so that a PC tells itself to delete files or folders.

Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.

In one scenario outlined by users an MP3 file of voice instructions was used to tell the PC to delete documents.

Microsoft said the exploit was “technically possible” but there was no need to worry.

The firm has pointed out that in order for the flaw to be exploited the
speech recognition feature would need to be activated and configured
and both microphone and speakers would have to be switched on.

“The exploit scenario would involve the speech recognition feature
picking up commands through the microphone such as ‘copy’, ‘delete’,
‘shutdown’, etc. and acting on them,” a Microsoft security researcher
wrote on the team’s official blog.

Some Vista users have already tested the exploit and
were able to delete files and empty the trash can so that the documents
were not retrievable.

Microsoft has said that even if the machine was primed
to accept voice commands it would be unlikely the user would not be in
the room to hear the file with malicious instructions being played.

The firm also said that voice commands could not be
used for privileged functions such as creating a new user or formatting
a drive.

“There are also additional barriers that would make an
attack difficult including speaker and microphone placement, microphone
feedback, and the clarity of the dictation,” wrote the Microsoft
researcher.

While speech recognition was a feature of Windows XP, in Vista the use has been widened.

“While we are taking the reports seriously and investigating them
accordingly I am confident in saying that there is little if any need
to worry about the effects of this issue on your new Windows Vista
installation,” said the researcher.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/6320865.stm

So this means when you walk away from your Vista machine you really need to either unplug your mic or turn off your speakers. You also can't use the software mixes in Vista, as I'm sure a trojan will be developed that will first turn on voice recognition, then turn on the mic, then turn on the speakers, and then play back a file telling the machine to start deleting things. New security procedure for Vista:

Walk away from computer
Turn off speakers or unplug or use the mic's hardware switch to mute it or turn off the machine