Vista Exploit Can Delete Your Files

February 1, 2007 · 13 comments

From the Steve-Jobs-is-having-a-field-day-with-this department, Microsoft has confirmed a hole in Windows Vista’s speech recognition capability that allows a malicious site or email attachment to delete files remotely. But I would actually classify this hole as nothing to be concerned about. For your Vista PC to be in any danger you must have speech recognition activated, along with your microphone on and your speakers set at a decent volume.

There’s nothing high-tech about this exploit – if you open an mp3 attachment or go to someone’s MySpace page that has one of those audio widgets, the audio could just tell your computer to delete things.

“The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as ‘copy’, ‘delete’, ‘shutdown’, etc. and acting on them,” a Microsoft security researcher wrote on the team’s official blog.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.

BBC

Hahaha.

Okay, back to being serious; if you rely on Vista’s speech recognition capability you’ll be safe if you keep User Account Control enabled. By default, speech recognition cannot respond to UAC prompts. In the meantime I await the Mac TV ad where the Mac tells the PC to format itself, and it does.


{ 11 comments }

1 Brian Pinard February 1, 2007 at 8:08 pm

That didn’t take long now did it?

The premise of the exploit is pretty funny, though.


2 Michael Janofsky February 1, 2007 at 8:27 pm

Vista has been out what, 2 days now?

PA-THETIC.


3 Amit Karmakar February 1, 2007 at 8:29 pm

I’m surprised it took 2 days!!


4 Stephen Froom February 1, 2007 at 8:35 pm

I wouldn’t go so far as to call this pathetic. I mean, wouldn’t any system that uses speech recognition and doesn’t require clickable prompts be susceptible to this “exploit”?

It is, however, quite hilarious. I’m no expert on Vista, as I have yet to actually try it…but how does the speech recognition locate files? I mean, if your computer has unique drive names, for example, how does it navigate to the specific file?


5 Jamie Murai February 1, 2007 at 10:42 pm

Does anyone else find this funny more than anything? I could just imagine some housewife calling tech support to tell them ‘her computer told itself to delete itself’.


6 Amit Karmakar February 1, 2007 at 10:46 pm

LOL, that completely cracked me up!


7 Blake Brannon February 2, 2007 at 6:27 am

This “exploit” is also possible in OS X. If you have the speech turned on and have selected the default “Computer” option to start listening to commands instead of the press key approach. All the exploiter would need to do is add the word “Computer” in front of all the other stuff.


8 Lee Reeves February 2, 2007 at 4:00 pm

This is pretty funny.

But it’s only news because no serious exploits have been found in Vista. Making a big deal out of it only reinforces the belief among the Windows corporate crowd that Mac users are juvenile.


9 Montoya February 4, 2007 at 7:58 pm

It’s not a big deal, and any speech recognition software could be vulnerable to this. It’s just one reason why you shouldn’t use speech recognition software for file management, or have your speakers on. Who uses their speakers when they have SR software running? You are supposed to use a headphone/mic combo.


10 Kyle Korleski February 6, 2007 at 6:18 am

Leave it to Microsoft to deck the halls with their own incompetence.


11 Elliander March 15, 2008 at 2:52 am

It’s going to be really funny when malware in Vista just has to turn on the microphone, speakers, and voice recognition software, and just issue a recording of verbal commands to disable security programs and start deleting stuff. Vista has done away with the need for complicated code.
