Remote Exploit of Vista Speech Control
An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"
A Whole Decade of Nothing (Score:5, Interesting)
More than ten years ago I was playing with the speech recognition software that shipped with MacOS 7 or something and I thought being able to check my e-mail without getting out of bed was pretty cool. At the time I wrote something about the technology and predicted that speech activated commands would never take off until: 1, most audio people listened to was controlled by the computer, and 2, the computer was smart enough to filter out the sounds it was emitting before processing commands. At the time a lot of people listened to music from their computer and I imagine many still do. Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it? It is sad that the same missing feature is still a problem, so many years later.
In One Ear and Out the Other (Score:1, Interesting)
The quality of MS security analysts working on Vista is revealed to be very dim by this exploit. This kind of exploit and defect in the Vista multimedia architecture speaks very badly of the prospect for the next 5 years of MS operating systems. They're a plague.
Re:OS X? (Score:2, Interesting)
1. Ran the voice command option and configured it as Apple suggests.
2. Made sure that the voice command understood my command by issuing several and getting the correct replies back from the system.
3. Recorded the command "What time is it?"
4. Played back the command with voice commands on.
The Mac did not respond. I then tried the same thing with a patch cable between the output and an iMic USB audio adapter. It still would not respond from the recording but will respond to my voice. I have no idea how Apple is able to distinguish where the voice is coming from.
Re:The Real Agenda of this Article? (Score:3, Interesting)
Nothing destructive is enabled by default: the worst you can do on a Mac is log yourself out, but that will keep everything running as it was before.
If you go to the Speech control panel you can, after putting your admin password in, enable Menu Bar actions which allow you to do things like trash files and restart the computer.
So by default the computer will just do helpful stuff, but if you really need full control over the OS through speech recognition (eg, you are disabled) you can enable it.
It's a good indicator of the different philosophies between the two OS vendors we also see in their approach to networking (this may have changed with Vista, I've not really been following it): Apple shut down everything by default and requires the user to open ports; Windows boxes, on the other hand, are wide open from first boot and have to have their ports shut down by a knowledgeable user.
Startup Sound (Score:5, Interesting)
Re:That's hardly an exploit (Score:4, Interesting)
Mind you this won't stop your roommate from yelling "Shut Down...Yes" just to piss you off. Or worse yet the guy you just fired yelling something more destructive on his way out of the office.
Speech Researcher Here Confirms It (Score:4, Interesting)
Re:That's hardly an exploit (Score:3, Interesting)
If that's true, then that's awesome. I remember a couple years ago reading a story on slashdot about various experimental usability projects going on at Microsoft and this was one of them. I think they even put together a mock desktop in flash where they implemented this volume system that you could play with. From a usability standpoint it was way better. I had assumed that this was something that just got lost along the way, but I'm glad to see they went through with it.
There's An Even Simpler Solution (Score:3, Interesting)
Saying it is unfixable is a copout (Score:3, Interesting)
The problem of course is that the computer next to you might suffer from the exploit since it doesn't know what sound your computer is generating, though this might be diminished by subtracting other sound to some extent via sidepointing mics or even better by just refusing to do dangerous commands like format or delete via voice recognition in the first place. There are gray areas that probably make total safety impossible but some common sense things including disabling all recognition during sound generation from explorer and wmp sound like a good place to start.
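The two mitigations proposed in the comment above (ignoring microphone input that matches the machine's own audio output, and refusing dangerous commands by voice), sketched as an added example that is not part of the original thread or any vendor's code. The threshold, command prefixes and function names are assumptions, and constructed random noise stands in for real audio frames.

```python
import math
import random

# Hypothetical policy values for this example; tune against real recordings.
DESTRUCTIVE_PREFIXES = ("delete", "format", "shut down", "restart")
ECHO_THRESHOLD = 0.6   # peak correlation above this counts as "our own output"

def peak_correlation(mic, ref, max_lag):
    """Peak normalized cross-correlation of mic against ref for delays 0..max_lag.
    Assumes frames much longer than max_lag."""
    best = 0.0
    for lag in range(max_lag + 1):
        pairs = list(zip(mic[lag:], ref))   # mic[lag + k] lines up with ref[k]
        dot = sum(m * r for m, r in pairs)
        e_mic = sum(m * m for m, _ in pairs)
        e_ref = sum(r * r for _, r in pairs)
        if e_mic > 0 and e_ref > 0:
            best = max(best, abs(dot) / math.sqrt(e_mic * e_ref))
    return best

def gate(command, mic, playback, max_lag=32):
    """Return (allowed, reason) for a recognized phrase."""
    cmd = command.strip().lower()
    if cmd.startswith(DESTRUCTIVE_PREFIXES):
        return (False, "destructive command: require keyboard confirmation")
    if any(playback) and peak_correlation(mic, playback, max_lag) >= ECHO_THRESHOLD:
        return (False, "microphone input matches this machine's audio output")
    return (True, "ok")

def constructed_samples(n=400, delay=12):
    """Constructed signals: random noise stands in for real audio frames."""
    rng = random.Random(1)
    playback = [rng.uniform(-1, 1) for _ in range(n)]
    room = [rng.uniform(-1, 1) for _ in range(n)]
    # Speaker-to-mic path: attenuated, delayed copy of playback plus room noise.
    mic_echo = [0.4 * (playback[i - delay] if i >= delay else 0.0) + 0.05 * room[i]
                for i in range(n)]
    mic_user = [rng.uniform(-1, 1) for _ in range(n)]   # unrelated to playback
    return playback, mic_echo, mic_user

if __name__ == "__main__":
    playback, mic_echo, mic_user = constructed_samples()
    print(gate("what time is it", mic_echo, playback))    # denied as echo
    print(gate("what time is it", mic_user, playback))    # allowed
    print(gate("delete all files", mic_user, playback))   # denied as destructive
```

As the comment notes, this check only covers audio the machine itself is rendering; sound from a neighbouring device has no reference signal to correlate against, which is why the destructive-command refusal is applied regardless.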
Re:The Real Agenda of this Article? (Score:2, Interesting)
Thing is, it was local accounts only, no directory system at this point, much less for voiceprints!