• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Vista Speech Recognition Flaw

Jimmy 2004

New Member
Joined
Jan 15, 2005
Messages
5,458 (0.78/day)
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
Three days after being released, the first major flaw has been published for Windows Vista. For anyone with speech recognition enabled, malicious websites or audio files could potentially give commands to hijack the PC and tell it to delete files. It works by playing commands such as shutdown, copy or delete through the speakers which could then be picked up by the microphone, causing the computer to carry out certain tasks. Microsoft admits that the exploit is "technically possible" but doesn't see it as a major problem. This flaw is more down to new features than problems with the coding of Vista, and it shouldn't be a problem for most people.

View at TechPowerUp Main Site
 

EviLZeD

New Member
Joined
Sep 14, 2006
Messages
815 (0.13/day)
System Name Ez - 1st custom
Processor AMD Phenom x3 8450
Motherboard Asus m3a78-em
Cooling thermaltake mini typhoon :D aerogate fan controller
Memory 6gb corsair xms 2 800mhz ddr2
Video Card(s) xpertvision HD 4850 1GB ddr3 sonic 685/1000
Storage Corsair 128gb SSD, 2x 250GB maxtor 16mb cache raid 0, 500gb 32mb cache storage
Display(s) AMD surround view 2x e172fp 17" 1x dell e248wfp 24"
Case coolermaster elite 330
Audio Device(s) creative audigy se
Power Supply hiper type r 580watt
Software Windows 7 x64
hehe vista is so stable and bug free
 

EastCoasthandle

New Member
Joined
Apr 21, 2005
Messages
6,885 (1.00/day)
System Name MY PC
Processor E8400 @ 3.80Ghz > Q9650 3.60Ghz
Motherboard Maximus Formula
Cooling D5, 7/16" ID Tubing, Maze4 with Fuzion CPU WB
Memory XMS 8500C5D @ 1066MHz
Video Card(s) HD 2900 XT 858/900 to 4870 to 5870 (Keep Vreg area clean)
Storage 2
Display(s) 24"
Case P180
Audio Device(s) X-fi Plantinum
Power Supply Silencer 750
Software XP Pro SP3 to Windows 7
Benchmark Scores This varies from one driver to another.
This makes using AIM, yahoo messenger, etc a cautious thing indeed when speech recognition is enabled. Using the mic feature in these online chatting programs can re-create this very problem.

For example, you decide you want to use the mic feature instead of text messaging and you say:
Delete C.....
opposing user's response when balloon pops up on screen = :wtf: "how did you do that?"
......YES, continue
opposing user's response = :twitch: "wait, stop that!"
[user disconnected]

Wash, rinse, repeat.
 

bhaskar15

New Member
Joined
Dec 17, 2006
Messages
146 (0.02/day)
Processor E6300 @ 2.13 ghz |&| E6300 2.13 ghz
Motherboard Asus P5B |&| Asus P5B
Cooling Artic Cooling Freezer 7 Pro|&|2x80mm fans in-case
Memory 2x 512 mb 677 Ram DDR2 |&| 1gb Ram DDR2 677mhz
Video Card(s) XFX 7950GT 256mb |&| ???
Storage Seagate 80GB |&| Seagate 80GB
Display(s) Acer 19" LCD |&| ViewSonic VP920b 19"
Case XION III Black/Green |&| A plain case...
Audio Device(s) Onboard |&| Dead..so onboard
Power Supply Antec TruePower Trio |&| OCZ GameXstream 600W
Software XP Pro 32bit, XP Pro 64bit, MS Vista Ultimate (REAL)
hmm,this flaw isn't a risk for me. I mostly never use speech recognition while online.
 
D

Deleted member 24505

Guest
i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.
 

Benpi

New Member
Joined
Dec 14, 2006
Messages
415 (0.07/day)
Processor AMD X2 4400+
Memory 2G
Video Card(s) 7950 GX2
Storage 2x 74g 10000rpm Raid:0
Display(s) Dell 1920x1200 widescreen
Software 3dmark06 score: 7650
LoL, this isn't a hack. So basically if someone puts an audio clip on their website that says "Open My Docuoments, Delete, Empty Recycle Bin" and your speakers are loud enough to be picked up by a mic, and you happen to have voice recognition on, you'll lose your documents folder...... people just try to find things to write stories about. This is retarded.
 
Joined
Aug 30, 2006
Messages
7,195 (1.12/day)
System Name ICE-QUAD // ICE-CRUNCH
Processor Q6600 // 2x Xeon 5472
Memory 2GB DDR // 8GB FB-DIMM
Video Card(s) HD3850-AGP // FireGL 3400
Display(s) 2 x Samsung 204Ts = 3200x1200
Audio Device(s) Audigy 2
Software Windows Server 2003 R2 as a Workstation now migrated to W10 with regrets.
This is hilarious! Can't imagine that Vista programmers were so short sighted. Easily solved with a patch. No speech recognition (command recognition) if SOUND OUT (no mic when playing). Easy to implement.
 

WarEagleAU

Bird of Prey
Joined
Jul 9, 2006
Messages
10,812 (1.67/day)
Location
Gurley, AL
System Name Pandemic 2020
Processor AMD Ryzen 5 "Gen 2" 2600X
Motherboard AsRock X470 Killer Promontory
Cooling CoolerMaster 240 RGB Master Cooler (Newegg Eggxpert)
Memory 32 GB Geil EVO Portenza DDR4 3200 MHz
Video Card(s) ASUS Radeon RX 580 DirectX 12 DUAL-RX580-O8G 8GB 256-Bit GDDR5 HDCP Ready CrossFireX Support Video C
Storage WD 250 M.2, Corsair P500 M.2, OCZ Trion 500, WD Black 1TB, Assorted others.
Display(s) ASUS MG24UQ Gaming Monitor - 23.6" 4K UHD (3840x2160) , IPS, Adaptive Sync, DisplayWidget
Case Fractal Define R6 C
Audio Device(s) Realtek 5.1 Onboard
Power Supply Corsair RMX 850 Platinum PSU (Newegg Eggxpert)
Mouse Razer Death Adder
Keyboard Corsair K95 Mechanical & Corsair K65 Wired, Wireless, Bluetooth)
Software Windows 10 Pro x64
Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.
 

Alec§taar

New Member
Joined
May 15, 2006
Messages
4,677 (0.72/day)
Location
Someone who's going to find NewTekie1 and teach hi
Processor DualCore AMD Athlon 64x2 4800+ (o/c 2801mhz STABLE (Ketxxx, POGE, Tatty One, ME))
Motherboard ASUS A8N-SLI Premium (PCIe x16, x4, x1)
Cooling PhaseChange Coolermaster CM754/939 (fan/heatsink), Thermalright heatspreaders + fan built on (RAM)
Memory 512mb PC-3200 DDR400 (set DDR-33 for o/c) by Corsair (matched pair, 2x256mb) 200.1/200mhz
Video Card(s) BFG GeForce 7900 GTX OC 512mb GDDR3 ram (o/c manually to 686 core/865 memory) - PhaseChange cooled
Storage Dual "Raptor X" 16mb 10krpm/RAID 0 Promise EX8350 x4 PCIe 128mb & Intel IO chip/CENATEK RocketDrive
Display(s) SONY 19" Trinitron MultiScan 400ps 1600x1200 75hz refresh 32-bit color
Case Antec Super-LanBoy (aluminum baby-tower w/ lower front & upper rear cooling exhaust fans)
Audio Device(s) RealTek AC97 onboard mobo stereo sound (Altec Lansing ACS-45 speakers - 10 yrs. still running!)
Power Supply Antec 500w ATX 2.0 "SmartPower" powersupply
Software Windows Server 2003 SP #1 fully patched, & massively tuned/tweaked to-the-max (plus latest drivers)
Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.

"StRaNgE & UnUsUaL" attack vectors abound...

:)

* Odd, I agree, but VERY possible!

APK
 
Joined
Dec 6, 2005
Messages
10,881 (1.63/day)
Location
Manchester, NH
System Name Senile
Processor I7-4790K@4.8 GHz 24/7
Motherboard MSI Z97-G45 Gaming
Cooling Be Quiet Pure Rock Air
Memory 16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card(s) GIGABYTE Vega 64
Storage Samsung EVO 500GB / 8 Different WDs / QNAP TS-253 8GB NAS with 2x10Tb WD Blue
Display(s) 34" LG 34CB88-P 21:9 Curved UltraWide QHD (3440*1440) *FREE_SYNC*
Case Rosewill
Audio Device(s) Onboard + HD HDMI
Power Supply Corsair HX750
Mouse Logitech G5
Keyboard Corsair Strafe RGB & G610 Orion Red
Software Win 10
i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.

Good point - remember history!!! (It almost ALWAYS repeats itself).
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,957 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?
 

Alec§taar

New Member
Joined
May 15, 2006
Messages
4,677 (0.72/day)
Location
Someone who's going to find NewTekie1 and teach hi
Processor DualCore AMD Athlon 64x2 4800+ (o/c 2801mhz STABLE (Ketxxx, POGE, Tatty One, ME))
Motherboard ASUS A8N-SLI Premium (PCIe x16, x4, x1)
Cooling PhaseChange Coolermaster CM754/939 (fan/heatsink), Thermalright heatspreaders + fan built on (RAM)
Memory 512mb PC-3200 DDR400 (set DDR-33 for o/c) by Corsair (matched pair, 2x256mb) 200.1/200mhz
Video Card(s) BFG GeForce 7900 GTX OC 512mb GDDR3 ram (o/c manually to 686 core/865 memory) - PhaseChange cooled
Storage Dual "Raptor X" 16mb 10krpm/RAID 0 Promise EX8350 x4 PCIe 128mb & Intel IO chip/CENATEK RocketDrive
Display(s) SONY 19" Trinitron MultiScan 400ps 1600x1200 75hz refresh 32-bit color
Case Antec Super-LanBoy (aluminum baby-tower w/ lower front & upper rear cooling exhaust fans)
Audio Device(s) RealTek AC97 onboard mobo stereo sound (Altec Lansing ACS-45 speakers - 10 yrs. still running!)
Power Supply Antec 500w ATX 2.0 "SmartPower" powersupply
Software Windows Server 2003 SP #1 fully patched, & massively tuned/tweaked to-the-max (plus latest drivers)
so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?

Aha! See?

:)

* PROOF, that it "comes w/ the territory" in this field, that being a "Sci-Fi" fan IS truly, part of the mixture required... & that I am NOT THE ONLY ONE!

(LOL!)

APK
 

zekrahminator

McLovin
Joined
Jan 29, 2006
Messages
9,066 (1.37/day)
Location
My house.
Processor AMD Athlon 64 X2 4800+ Brisbane @ 2.8GHz (224x12.5, 1.425V)
Motherboard Gigabyte sumthin-or-another, it's got an nForce 430
Cooling Dual 120mm case fans front/rear, Arctic Cooling Freezer 64 Pro, Zalman VF-900 on GPU
Memory 2GB G.Skill DDR2 800
Video Card(s) Sapphire X850XT @ 580/600
Storage WD 160 GB SATA hard drive.
Display(s) Hanns G 19" widescreen, 5ms response time, 1440x900
Case Thermaltake Soprano (black with side window).
Audio Device(s) Soundblaster Live! 24 bit (paired with X-530 speakers).
Power Supply ThermalTake 430W TR2
Software XP Home SP2, can't wait for Vista SP1.
:roll: You know, speech recognition shouldn't be allowed to do those functions anyways.
 
Joined
Aug 30, 2006
Messages
7,195 (1.12/day)
System Name ICE-QUAD // ICE-CRUNCH
Processor Q6600 // 2x Xeon 5472
Memory 2GB DDR // 8GB FB-DIMM
Video Card(s) HD3850-AGP // FireGL 3400
Display(s) 2 x Samsung 204Ts = 3200x1200
Audio Device(s) Audigy 2
Software Windows Server 2003 R2 as a Workstation now migrated to W10 with regrets.
AGREED, speech recog should not have such commands. It should be to "enchance" not substitute use of keyboard and mouse. It should therefore be to improve workflow of common tasks, e.g. the user selects some text, and says "bold"... and hey presto, the format changes. That saves a lot of mouse movement or key clicks.

But file commands... NO. Not unless it is designed for special purpose needs like "advanced handicapped input" for blind people. However, all it takes is for a meanie to walk into their room and say;

"change password to Supercalifragilisticexpialidocius-muhaha-muhaha" followed by

"Supercalifragilisticexpialidocius-muhaha-muhaha"

"yes"

"delete all pictures"

"all"

"delete all documents"

"all"

"logoff"

OUCH :roll:
 
Last edited:

Jimmy 2004

New Member
Joined
Jan 15, 2005
Messages
5,458 (0.78/day)
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.

It is true that this isn't actually Microsoft messing up so much as the fact that people won't bother exploiting things until they become mainstream - Firefox is (was?) a good example of this. Now it is actively being hacked, which is why it is relatively less secure than it used to be, same goes for voice control.

I think you guys are right - built in voice control shouldn't have such power... but then again, to stop things like this you would need to prevent it doing certain tasks from a command prompt ect. and you can see it might get difficult to prevent all the apps that might have the ability to delete files.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.21/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
"But i dont wanna format my C: drive!"

Vista hears ' Format C:'

Gotta admit - its bloody funny.
 
Joined
Jan 6, 2007
Messages
2,555 (0.41/day)
Location
Illinois
Processor i7 2600k@4.6ghz
Motherboard MSI z68ma-ed55
Cooling Silentx Extreem 120mm
Memory 2x4gb XMS 7-8-7-20 1600
Video Card(s) HD6870
Storage 2x128gb Kingston Hyper-X (Raid0), 2x750gb RE3 (RAID1), 2x750gb RE3 (RAID1)
Display(s) Soyo 24", Gateway 22"
Case Fractal Design Arc Mini 6x120mm fans.
Audio Device(s) Onboard
Power Supply Zalman 750w
Software Windows 7
i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.

Yes and I also remember how much faster XP was before they "patched" all the "bugs". Maybe these "updates" are an excuse to modify a value on the "hidden system latency timer". :rolleyes: If Vista is such a pig now I can't imagine how slow it'll be after a few updates.

I don't think Vista will actually execute system commands from a voice command without some sort of verification prompt...can it? If so that's a major fuk-up on Micro$haft's part.
 
Top