Slashdot Log In
Remote Exploit of Vista Speech Control
Posted by
kdawson
on Thu Feb 01, 2007 10:54 AM
from the format-C-yes dept.
from the format-C-yes dept.
An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"
This discussion has been archived.
No new comments can be posted.
Remote Exploit of Vista Speech Control
|
Log In/Create an Account
| Top
| 372 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
Most Important Part of the Announcement (Score:5, Funny)
(http://slashdot.org/~eldavojohn/ | Last Journal: Tuesday October 16, @03:26PM)
Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com].
Re:Most Important Part of the Announcement (Score:5, Funny)
One of the computer geeks at the Pentagon better not be watching any Star Trek episodes.
Re:Most Important Part of the Announcement (Score:5, Funny)
Re:Most Important Part of the Announcement (Score:5, Funny)
Don't believe me? Try it yourself.
Re:Most Important Part of the Announcement (Score:5, Funny)
Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com].
Yell Commands Across the Room (Score:5, Funny)
(http://www.restorationunity.com/ | Last Journal: Tuesday July 05 2005, @08:12AM)
That's hardly an exploit (Score:5, Insightful)
(http://www.hwacha.net/)
Taking a computer that obeys audio instructions, and playing it some audio instructions, is more of a 'duh' than an 'exploit'. But this problem is a very Good Thing. It can only mean:
-- EITHER people stop yakking on about voice computing, which has been the Way Of The Future since about 1935 or something
-- OR pressure is exerted on web designers to NOT make sites that start making noise the moment the page appears!
Either of these, but especially the latter, would be a big win. So here's to you, Mr. Exploit Finding Man!
Re:That's hardly an exploit (Score:5, Funny)
(Last Journal: Friday August 18 2006, @11:17PM)
Now there's a Bud commercial I'd like to hear.
Re:That's hardly an exploit (Score:5, Funny)
Real American Heroes (reaaalllll american heroooessss...)
Today we salute you, Mr Computer Software Exploit Finder (computer software exploit fii-inder)
While others are wasting away their lives drinking, dating, and and having fun, you're hunched over a screen, plowing through code.(hunch plow hunchie plow)
You may not have seen the sun in days, but thats ok- you do this for the greater good.(greaaater goooo-ooodd)
Only YOU could realize that a carefully crafted web favorites icon [microsoft.com] could potentially bring the world to its knees.(Down on its kneeee--eesss)
So crack open an Ice Cold Bud Light, Oh Overload of Overflow, because without you, CmdrTaco would have to get a real job.
Next Mac Ad is even better (Score:5, Funny)
(http://www.gypsymaps.com/)
Mac: and I'm a Mac
PC: I have a cool new feature called voice control.
Mac: That is stupid. I have the Time-Machine which let's you recover old documents. Let's say you accidently delete the documents folder
PC: Okay
Mac: To get you documents back, all you have to do is slide the time machine back one minute.
PC: Sounds cool, but cant you just get the documents out of the trash?
Mac: Yes, but it works even if you accidentally empty the recycle bin
Thanks for the inspiration! (Score:4, Funny)
(http://emulation.victoly.com/ | Last Journal: Thursday November 30 2006, @06:03PM)
Mac: and I'm a Mac
PC: I have a cool new feature called voice control.
Mac: That is stupid. I've had secure voice control for years
PC: Yes, but with your primitive voice control, the statements had to be in the right format, see?
Mac: OK, but that's why we call it secure. The user has to select a keyword that will trigger the commands.
PC:
Or... (Score:4, Funny)
(http://www.flying-rhenquest.net/)
Mac: And I'm a Mac!
PC: I have a cool new feature called Voice Control!
Mac: FORMAT C!
Re:Next Mac Ad is even better (Score:5, Funny)
(http://localhost/ | Last Journal: Tuesday January 16 2007, @02:40PM)
PC: Hi, I'm a PC.
Mac: and I'm a Mac.
PC: Now that I run vista, I can accept voice commands!
Mac: Wow, that sounds cool. But what if someone tells you to punch yourself in the face?
PC punches self in the face and nose begins to bleed
PC: Ouch, that hurt!
Mac: I'm sorry PC, I didn't realize that just telling you to do something like "poke yourself in the eye"...
PC pokes finger into his eye
Mac:
PC starts to uncontrollably sneeze, the blood from his nose splattering everywhere
Mac:
PC: groan I'm sorry if I splattered on you.
Mac: That's ok PC, I'm pretty immune to viruses, so I think I'll be alright.
Re:That's hardly an exploit (Score:5, Informative)
Re:That's hardly an exploit (Score:4, Informative)
(http://www.milksucks.com/ | Last Journal: Monday September 15 2003, @12:30PM)
mkdir
bind
run_noisy_application
Re:That's hardly an exploit (Score:4, Interesting)
Mind you this won't stop your roommate from yelling "Shut Down...Yes" just to piss you off. Or worse yet the guy you just fired yelling something more destructive on his way out of the office.
Re:That's hardly an exploit (Score:5, Insightful)
(http://slashdot.org/)
There has never been any sound from a webpage that didn't make me want to immediately beat the person who wrote it with his own leg. I don't want to listen to your stupid MIDI file of whatever the fsck you think is cool on your web page.
There was never any good reason to embed sounds in web pages unless you have to click a button to specifically play it.
Cheers
Re:That's hardly an exploit (Score:4, Funny)
(http://paul-mclaughlin.com/)
I'm feeling anal today, so ... (Score:5, Insightful)
(Last Journal: Wednesday February 14 2007, @09:49AM)
An exploit is, by definition, a successful manipulation of a bug/omission/hole/whatever in a computer system to make it perform something that it was not designed to do. Usually this term is only applied when said action is harmful or potentially harmful.
What is being described here is the possibility of controlling the voice recognition system in Vista remotely to make it perform potentially harmful tasks. Furthermore, this functionality is not something that said system was designed to do; it was only designed to accept commands via microphone.
Therefore, what is being described here is an exploit.
Q.E.D.
I tried to replicate the bug, but all I got was (Score:5, Funny)
Re:I tried to replicate the bug, but all I got was (Score:5, Funny)
Re:I tried to replicate the bug, but all I got was (Score:5, Funny)
(Last Journal: Thursday December 09 2004, @09:25AM)
amusing, but not much else (Score:3, Insightful)
Admitedly all I can think of is the Dilbert cartoon with Wally getting ticked at Dilbert having voice driven software.
Bug? (Score:4, Insightful)
(http://www.hyperlogos.org/ | Last Journal: Wednesday July 18, @08:19PM)
The Real Agenda of this Article? (Score:4, Insightful)
Re:The Real Agenda of this Article? (Score:5, Informative)
All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically?
This is untrue. Speech recognition software can be made to filter out anything coming in the mic that matches something going out the speaker channel. More simply, you can simply require all commands be preceded with an arbitrary word (like the computer's name). Call you computer "George" and then issue the command "George, kill dash nine star dot star." As opposed to "kill dash nine star dot star." Since the exploit writer won't know to include "George" their exploit fails almost all the time. This was a feature of MacOS 7, more than a decade ago, as I mentioned elsewhere.
Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced.
Depending upon the tolerance, this is entirely possible, but I don't see it as being as important or versatile as the other two methods I listed above. MS should have learned from the example of others.
Re:The Real Agenda of this Article? (Score:4, Funny)
(http://fnarg.com/)
Bob: "Bob go jump off a bridge"
Bob: "Who said that ?"
Bob: "I said that. Now jump!"
Bob: "Ok.. Aaaaaaaagh!"
Stupid.
Format (Score:3, Funny)
(http://i.nt.ro/)
I'm waiting for the audio exploit that responds to (Score:3, Funny)
A Whole Decade of Nothing (Score:5, Interesting)
More than ten years ago I was playing with the speech recognition software that shipped with MacOS 7 or something and I though being able to check my e-mail without getting out of bed was pretty cool. At the time I wrote something about the technology and predicted that speech activated commands would never take off until: 1, most audio people listened to was controlled by the computer, and 2, the computer was smart enough to filter out the sounds it was emitting before processing commands. At the time a lot of people listened to music from their computer and I imagine many still do. Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it? It is sad that the same missing feature is still a problem, so many years later.
Re:A Whole Decade of Nothing (Score:5, Insightful)
(http://maydaydc.mahost.org/)
The sound that is output by the computer sounds similar to us when re-received through the mic and played back, but to the computer it's a totally alien waveform. A lot of distortion happens between when the computer sends a digital signal to the sound card and when it receives an analog signal from your microphone - so basically, the computer may know what it's playing, but it has very little idea how it'll sound when it reaches the mic.
There are advanced filters and algorithms that can try to match and isolate particular patterns and "sounds" within a waveform, but they're not nearly as powerful as CSI would have us believe, and they also require far too much computing power to be run in realtime.
Of course, the obvious low-tech solution to this issue is to wear headphones, as people in recording studios have for decades.
Re:A Whole Decade of Nothing (Score:5, Insightful)
(Last Journal: Saturday August 18 2001, @11:04AM)
Most simple schemes people come up with to address this are perfectly doable with a free sound program. Play some music, record the area while you're playing the music, then try your great idea. Like, you might think you can start out with inverting the source file and feeding it into the recording with a delay and modified amplitude. If you're really curious about this problem, this is a better way to learn about the difficulties then reading people on the internet, as, in my experience, you're quite likely to be skeptical about the explanations anyhow. The best (and in some sense, only true) explanations involve a lot of math.
I can offer you this meta-rule, though: If it were so easy, it would already have been done. Many things that I see people posting on Slashdot about "Why don't they just do this thing?" are covered by this rule.
Shit... (Score:5, Funny)
Nothing new here (Score:5, Funny)
Hey, no need to panic... (Score:4, Informative)
"Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played."
Yeah, nobody ever leaves their computer unattended.
And of course, it would be completely impossible for a Trojan to pipe appropriate sounds directly to the input buffer of the sound hardware, thus negating the need for it to be played through your speakers at all. As we all know, Windows is completely watertight against that sort of thing.
This raises an interesting possibility, though - what if you could confuse the recogniser itself into making false positives? You could, for example, persuade it to recognise silence as a command of your choosing.
Best way round this is probably to prevent people doing potentially destructive operations via voice commands. But if this isn't suitable, you could employ clever confirmation strategies, like "If you're sure you want to delete c:\windows, please say the following words..." with the words in question being drawn from a dictionary. No malware could anticipate the sequence (although I suppose you could set the recogniser to work against itself, by playing the text-to-speech engine's own output back to it and triggering recognition).
Hmm. Promises to be quite fun, this.
howto for Mac users (Score:5, Informative)
(Last Journal: Thursday July 12, @12:30PM)
$ echo "format sea slash you" | say -o evil.aiff
This makes your messages with a nice, clear, even voice--wouldn't want a bunch of 'um's and 'ah's borking up your exploit, now would you.
`man say` for more options.
Fraternity Fun (Score:5, Funny)
(http://www.cabochon.com/)
We've been waiting for this (and joking about it) (Score:5, Funny)
"FORMAT DRIVE C! CONFIRM!".
Instant fun.
Makes me feel all soft and gooshy inside just thinking of it.
Predictions from the past ... (Score:5, Funny)
(http://t3.dotgnu.info/ | Last Journal: Monday September 26 2005, @06:32AM)
Shocked! (Score:3, Funny)
Best. Prank. Ever. (Score:4, Funny)
(http://slashdot.org/)