news.bbc.co.uk — Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.
Feb 1, 2007
blackadderiii Feb 2, 2007
This security vulnerability doesn't sound like much of a security vulnerability to me - if you play speech audio to it locally with voice commands in, it performs the voice commands - I mean how likely are you to do this? What's more of a concern is the incredible oversight it represents not to filter out local content. This represents either worrying programming, or a manifestation of the content protection features (this wouldn't be the first problem it's causing for programmers).
randyandy Feb 2, 2007
Unless someone can creatively come up with a scenario where this is effective - which I seriously doubt. This alleged flaw is absolutely benign. Even some minimal threat modelling will show this is a lot of FUD. There are just too many variables that need to be in place for this to work.
jinx___ Feb 2, 2007
The RIAA would be pleased. Imagine illegally dl a cd and accidentally erasing your harddrive because of it. Wait a minute. This is not a security hole, this is a Vista feature!
almadiel Feb 2, 2007
Seems to me like this would require an almost comical sequence of events to occur for it to cause any damage.
paullyvenne Feb 2, 2007
I found another VISTA flaw! If someone sneaks up behind me and knocks me out, he can gain complete control of my system.
yebbanator Feb 11, 2007
I'd see this more as a blessing than a flaw, if it accepts MP3s as a voice command I can record my own voice with certain commands to run programs or features that I might use relatively frequently and it will open those whenever I'd run the audio file.
darksat Apr 27, 2007
Well, given the millions of people using Vista I can see this working in at least a few cases.
darthuv May 20, 2008
In reading the article and comments I'm shocked that no one seems to know enough about audio to know what a VAC (virtual audio cable) is. A virtual audio cable is a small script or program that acts as a patch cable between your speakers and microphone. If a hacker actually exploited this the smart way, you wouldn't hear a thing, you'd just get to watch as files disappeared after you accidentally initiated it. What does make this exploit less effective is that unlike the VAC script, audio files with enough instructions would probably be a few megs. For those who say what difference does this have to other voice recognition software, well others don't have low level access to your OS. Not enough access to reformat your hard-drive, but enough to be seriously annoying. You really don't think this is much of an exploit; well then dare a hacker to use it and message me the morning after.