Vista Speech Recognition Flaw

Jimmy 2004 · Feb 2, 2007, 02:52 PM

Three days after being released, the first major flaw has been published for Windows Vista. For anyone with speech recognition enabled, malicious websites or audio files could potentially give commands to hijack the PC and tell it to delete files. It works by playing commands such as shutdown, copy or delete through the speakers which could then be picked up by the microphone, causing the computer to carry out certain tasks. Microsoft admits that the exploit is “technically possible” but doesn’t see it as a major problem. This flaw is more down to new features than problems with the coding of Vista, and it shouldn’t be a problem for most people.

Source: BBC News

EviLZeD · Feb 2, 2007, 03:39 PM

hehe vista is so stable and bug free

EastCoasthandle · Feb 2, 2007, 03:59 PM

This makes using AIM, yahoo messenger, etc a cautious thing indeed when speech recognition is enabled. Using the mic feature in these online chatting programs can re-create this very problem.

For example, you decide you want to use the mic feature instead of text messaging and you say:

Quote:

Delete C.....

opposing user's response when balloon pops up on screen =

"how did you do that?"

Quote:

......YES, continue

opposing user's response =

"wait, stop that!"
[user disconnected]

Wash, rinse, repeat.

bhaskar15 · Feb 2, 2007, 04:02 PM

hmm,this flaw isn't a risk for me. I mostly never use speech recognition while online.

tigger · Feb 2, 2007, 04:15 PM

i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.

Benpi · Feb 2, 2007, 05:17 PM

LoL, this isn't a hack. So basically if someone puts an audio clip on their website that says "Open My Docuoments, Delete, Empty Recycle Bin" and your speakers are loud enough to be picked up by a mic, and you happen to have voice recognition on, you'll lose your documents folder...... people just try to find things to write stories about. This is retarded.

lemonadesoda · Feb 2, 2007, 05:35 PM

This is hilarious! Can't imagine that Vista programmers were so short sighted. Easily solved with a patch. No speech recognition (command recognition) if SOUND OUT (no mic when playing). Easy to implement.

WarEagleAU · Feb 2, 2007, 06:07 PM

Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.

Alec§taar · Feb 2, 2007, 06:36 PM

Quote:

Originally Posted by WarEagleAU

Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.

"StRaNgE & UnUsUaL" attack vectors abound...

* Odd, I agree, but VERY possible!

APK

Sasqui · Feb 2, 2007, 06:37 PM

Quote:

Originally Posted by tigger69

i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.

Good point - remember history!!! (It almost ALWAYS repeats itself).

W1zzard · Feb 2, 2007, 06:42 PM

so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?

Alec§taar · Feb 2, 2007, 06:44 PM

Quote:

Originally Posted by W1zzard

so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?

Aha! See?

* PROOF, that it "comes w/ the territory" in this field, that being a "Sci-Fi" fan IS truly, part of the mixture required... & that I am NOT THE ONLY ONE!

(LOL!)

APK

zekrahminator · Feb 2, 2007, 06:53 PM

You know, speech recognition shouldn't be allowed to do those functions anyways.

lemonadesoda · Feb 2, 2007, 07:02 PM

AGREED, speech recog should not have such commands. It should be to "enchance" not substitute use of keyboard and mouse. It should therefore be to improve workflow of common tasks, e.g. the user selects some text, and says "bold"... and hey presto, the format changes. That saves a lot of mouse movement or key clicks.

But file commands... NO. Not unless it is designed for special purpose needs like "advanced handicapped input" for blind people. However, all it takes is for a meanie to walk into their room and say;

"change password to Supercalifragilisticexpialidocius-muhaha-muhaha" followed by

"Supercalifragilisticexpialidocius-muhaha-muhaha"

"yes"

"delete all pictures"

"all"

"delete all documents"

"all"

"logoff"

OUCH

Jimmy 2004 · Feb 2, 2007, 07:18 PM

Quote:

Originally Posted by WarEagleAU

Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.

It is true that this isn't actually Microsoft messing up so much as the fact that people won't bother exploiting things until they become mainstream - Firefox is (was?) a good example of this. Now it is actively being hacked, which is why it is relatively less secure than it used to be, same goes for voice control.

I think you guys are right - built in voice control shouldn't have such power... but then again, to stop things like this you would need to prevent it doing certain tasks from a command prompt ect. and you can see it might get difficult to prevent all the apps that might have the ability to delete files.

Mussels · Feb 3, 2007, 12:37 AM

"But i dont wanna format my C: drive!"

Vista hears ' Format C:'

Gotta admit - its bloody funny.

Lazzer408 · Feb 3, 2007, 12:43 AM

Quote:

Originally Posted by tigger69

i wont use speech anyway.and anyone remember how many bugs xp had at first?

i'm using it as my primary os now too.it seems ok to me.

Yes and I also remember how much faster XP was before they "patched" all the "bugs". Maybe these "updates" are an excuse to modify a value on the "hidden system latency timer".

If Vista is such a pig now I can't imagine how slow it'll be after a few updates.

I don't think Vista will actually execute system commands from a voice command without some sort of verification prompt...can it? If so that's a major fuk-up on Micro$haft's part.

Feb 2, 2007, 02:52 PM	#1
Jimmy 2004 Eligible for custom title Join Date: Jan 2005 Location: England Posts: 5,047 (1.65/day) Thanks: 134 Thanked 276 Times in 185 Posts System Specs	Vista Speech Recognition Flaw Three days after being released, the first major flaw has been published for Windows Vista. For anyone with speech recognition enabled, malicious websites or audio files could potentially give commands to hijack the PC and tell it to delete files. It works by playing commands such as shutdown, copy or delete through the speakers which could then be picked up by the microphone, causing the computer to carry out certain tasks. Microsoft admits that the exploit is “technically possible” but doesn’t see it as a major problem. This flaw is more down to new features than problems with the coding of Vista, and it shouldn’t be a problem for most people. Source: BBC News

System Name:	Jimmy 2004's PC
Processor:	S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard:	ASUS K8N
Cooling:	AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory:	1GB Kingston PC3200 (2x512MB)
Video Card:	Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Hard Disk:	500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Optical Drive:	LiteOn DVD & NEC DVD+/-RW DL
CRT/LCD Model:	Digimate 17" TFT (1280x1024)
Case:	Antec P182
Sound Card:	Audigy 4 + Creative Inspire T7900 7.1 Speakers
PSU:	Corsair HX520W
Software:	Windows XP Home

System Name:	Ez - 1st custom
Processor:	AMD Phenom x3 8450
Motherboard:	Asus m3a78-em
Cooling:	thermaltake mini typhoon :D aerogate fan controller
Memory:	6gb corsair xms 2 800mhz ddr2
Video Card:	xpertvision HD 4850 1GB ddr3 sonic 685/1000
Hard Disk:	Corsair 128gb SSD, 2x 250GB maxtor 16mb cache raid 0, 500gb 32mb cache storage
Optical Drive:	sony optiarc sata dvdrw + LG dvdrw 20x
CRT/LCD Model:	AMD surround view 2x e172fp 17" 1x dell e248wfp 24"
Case:	coolermaster elite 330
Sound Card:	creative audigy se
PSU:	hiper type r 580watt
Software:	Windows 7 x64

System Name:	MY PC
Processor:	E8400 @ 3.80Ghz > Q9650 3.60Ghz
Motherboard:	Maximus Formula
Cooling:	D5, 7/16" ID Tubing, Maze4 with Fuzion CPU WB
Memory:	XMS 8500C5D @ 1066MHz
Video Card:	HD 2900 XT 858/900 to 4870 to 5870 (Keep Vreg area clean)
Hard Disk:	2
Optical Drive:	2
CRT/LCD Model:	24"
Case:	P180
Sound Card:	X-fi Plantinum
PSU:	Silencer 750
Software:	XP Pro SP3 to Windows 7
Benchmarks:	This varies from one driver to another.

Feb 2, 2007, 04:02 PM	#4
bhaskar15 Join Date: Dec 2006 Posts: 130 (0.06/day) Thanks: 0 Thanked 0 Times in 0 Posts System Specs	hmm,this flaw isn't a risk for me. I mostly never use speech recognition while online. __________________ When u have power it shows. When u have TPU beside u, it rocks !! When u have GOD beside u, umm....he's gonna call u up there soon

Feb 2, 2007, 03:39 PM	#2
EviLZeD Join Date: Sep 2006 Posts: 649 (0.27/day) Thanks: 30 Thanked 48 Times in 44 Posts System Specs	hehe vista is so stable and bug free

Processor:	E6300 @ 2.13 ghz \|&\| E6300 2.13 ghz
Motherboard:	Asus P5B \|&\| Asus P5B
Cooling:	Artic Cooling Freezer 7 Pro\|&\|2x80mm fans in-case
Memory:	2x 512 mb 677 Ram DDR2 \|&\| 1gb Ram DDR2 677mhz
Video Card:	XFX 7950GT 256mb \|&\| ???
Hard Disk:	Seagate 80GB \|&\| Seagate 80GB
Optical Drive:	Sony DVD/CD writer \|&\| Lite-on DVD Writer
CRT/LCD Model:	Acer 19" LCD \|&\| ViewSonic VP920b 19"
Case:	XION III Black/Green \|&\| A plain case...
Sound Card:	Onboard \|&\| Dead..so onboard
PSU:	Antec TruePower Trio \|&\| OCZ GameXstream 600W
Software:	XP Pro 32bit, XP Pro 64bit, MS Vista Ultimate (REAL)

Feb 2, 2007, 04:15 PM	#5
tigger I'm the only one Join Date: Mar 2006 Location: HU5 1LL Posts: 7,214 (2.75/day) Thanks: 474 Thanked 951 Times in 780 Posts System Specs	i wont use speech anyway.and anyone remember how many bugs xp had at first? i'm using it as my primary os now too.it seems ok to me. __________________ http://img.techpowerup.org/110324/v6351cpuzvalj197.jpg ]Monster E6300 oc http://www.techpowerup.com/gallery/2163.html

System Name:	poor little craptop (HP Pavillion G6)
Processor:	AMD E2-3000M 1.8ghz
Motherboard:	3566 21.3A
Cooling:	stock
Memory:	ADATA 4gb 1333mhz SODIMM
Video Card:	ATI Radeon HD 6380G 512MB
Hard Disk:	Seagate ST950032 5AS 500GB sata
Optical Drive:	HP 208BB DVD R/CDRW sata
CRT/LCD Model:	15.6" 1366x768 widescreen+17" 1440x900 widescreen
Case:	hp laptop
Sound Card:	onboard
Software:	windows 7 home premium x64 genuine (for once)

Feb 2, 2007, 05:17 PM	#6
Benpi Banned Join Date: Dec 2006 Posts: 415 (0.18/day) Thanks: 6 Thanked 3 Times in 3 Posts System Specs	LoL, this isn't a hack. So basically if someone puts an audio clip on their website that says "Open My Docuoments, Delete, Empty Recycle Bin" and your speakers are loud enough to be picked up by a mic, and you happen to have voice recognition on, you'll lose your documents folder...... people just try to find things to write stories about. This is retarded.

Processor:	AMD X2 4400+
Memory:	2G
Video Card:	7950 GX2
Hard Disk:	2x 74g 10000rpm Raid:0
CRT/LCD Model:	Dell 1920x1200 widescreen
Software:	3dmark06 score: 7650

Feb 2, 2007, 05:35 PM	#7
lemonadesoda Eligible for custom title Join Date: Aug 2006 Posts: 5,337 (2.17/day) Thanks: 749 Thanked 960 Times in 710 Posts System Specs	This is hilarious! Can't imagine that Vista programmers were so short sighted. Easily solved with a patch. No speech recognition (command recognition) if SOUND OUT (no mic when playing). Easy to implement.

System Name:	ICE-QUAD // ICE-CRUNCH
Processor:	Q6600 // 2x Xeon 5472
Memory:	2GB DDR // 8GB FB-DIMM
Video Card:	HD3850-AGP // FireGL 3400
CRT/LCD Model:	2 x Samsung 204Ts = 3200x1200
Sound Card:	Audigy 2
Software:	Windows Server 2003 R2 as a Workstation

Feb 2, 2007, 06:07 PM	#8
WarEagleAU Bird of Prey Join Date: Jul 2006 Location: Gurley, AL Posts: 9,994 (3.98/day) Thanks: 3,810 Thanked 557 Times in 521 Posts System Specs	Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction. __________________ =-TheEagle-= http://www.heatware.com/eval.php?id=62454 “You crazy? Surfing any website without an antivirus is like freaking with a dirty woman without protection” -OzzmanFloyd120 - Edited for content and clarity

System Name:	Boddha Getta
Processor:	AMD FX 6100 @ 4.432Ghz @1.401V
Motherboard:	ASUS M5A99X EVO AMD 990X AMD SB950
Cooling:	Custom Water. EK 240MM Kit, Supreme HSF - Runs 35C
Memory:	2 x 4GB Corsair Vengeance White LP @ 1.35V
Video Card:	XFX Radeon HD 6870 900/1050 (no OC yet)
Hard Disk:	WD Caviar Black 1.0TB, WD Caviar Green 1.0TB, WD 160GB
Optical Drive:	Samung SH22SL 22X Lightscribe DVD+/-R/RW LG BDRE Reader/Burner Lite ON Max Burner for burning Xbox
CRT/LCD Model:	Asus VH222/S 22: (21.5" Viewable) 1920x1080p HDMI LCD Monitor
Case:	NZXT White Phantom
Sound Card:	Onboard Realtek 5.1
PSU:	NZXT Hale 90 Gold Cert 750W Modular PSU
Software:	Windows 7 Pro 64 bit.
Benchmarks:	5.9 Windows Index rating 3D06 - 17472

Processor:	DualCore AMD Athlon 64x2 4800+ (o/c 2801mhz STABLE (Ketxxx, POGE, Tatty One, ME))
Motherboard:	ASUS A8N-SLI Premium (PCIe x16, x4, x1)
Cooling:	PhaseChange Coolermaster CM754/939 (fan/heatsink), Thermalright heatspreaders + fan built on (RAM)
Memory:	512mb PC-3200 DDR400 (set DDR-33 for o/c) by Corsair (matched pair, 2x256mb) 200.1/200mhz
Video Card:	BFG GeForce 7900 GTX OC 512mb GDDR3 ram (o/c manually to 686 core/865 memory) - PhaseChange cooled
Hard Disk:	Dual "Raptor X" 16mb 10krpm/RAID 0 Promise EX8350 x4 PCIe 128mb & Intel IO chip/CENATEK RocketDrive
Optical Drive:	SONY DRU-810a Double-Sided DvD burner
CRT/LCD Model:	SONY 19" Trinitron MultiScan 400ps 1600x1200 75hz refresh 32-bit color
Case:	Antec Super-LanBoy (aluminum baby-tower w/ lower front & upper rear cooling exhaust fans)
Sound Card:	RealTek AC97 onboard mobo stereo sound (Altec Lansing ACS-45 speakers - 10 yrs. still running!)
PSU:	Antec 500w ATX 2.0 "SmartPower" powersupply
Software:	Windows Server 2003 SP #1 fully patched, & massively tuned/tweaked to-the-max (plus latest drivers)

System Name:	"Naked Ivy"
Processor:	i7-3570k Costa (4.7 Ghz 24/7), Now de-lidded and NAKED!
Motherboard:	GA-Z77X-UD5H (rev1.1)
Cooling:	SWTech 320 Rad, Modded 655 Pump, Koolance 345
Memory:	16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card:	Powercolor HD 7870 (Core at 1200, 5% bump in voltage)
Hard Disk:	WD 320 / 500KS / 500KS / 640KS / 640LS / 640LS / 640LS / 1TBFAEX
Optical Drive:	LG DVD+-R
CRT/LCD Model:	24" DELL 2405FPW
Case:	Modded HAF 932
Sound Card:	Onboard + HD HDMI
PSU:	Corsair HX750 (love it)
Software:	Win 7 Ultimate
Benchmarks:	Almost stable @ 4.9 Ghz, working on benchies

Feb 2, 2007, 06:42 PM	#11
W1zzard Benevolent Dictator Join Date: May 2004 Location: Stuttgart, Germany Posts: 13,793 (4.18/day) Thanks: 184 Thanked 10,293 Times in 3,176 Posts System Specs	so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?

Processor:	Intel Core i7-2600K @ 3.4 GHz
Motherboard:	ASUS P8Z68-V Pro
Memory:	3x 2048 MB Mushkin DDR3
Video Card:	ASUS GeForce GTX 670 Direct CU II TOP
Hard Disk:	Crucial C300 128 GB, WD6400AAKS 640 GB, WD15EADS 1.5 TB
Optical Drive:	BenQ DW1640
CRT/LCD Model:	Dell U3011 30", 2560x1600 + 19" 1280x1024
Case:	NZXT H2
Sound Card:	On-board Realtek HD
PSU:	Kingwin Absolute Platinum 550 W
Software:	Windows 7 64-bit

Feb 2, 2007, 06:53 PM	#13
zekrahminator McLovin Join Date: Jan 2006 Location: My house. Posts: 6,280 (2.35/day) Thanks: 105 Thanked 340 Times in 246 Posts System Specs	You know, speech recognition shouldn't be allowed to do those functions anyways. __________________ “Just because you're hung like a moose doesn't mean you should do porn.”

Processor:	AMD Athlon 64 X2 4800+ Brisbane @ 2.8GHz (224x12.5, 1.425V)
Motherboard:	Gigabyte sumthin-or-another, it's got an nForce 430
Cooling:	Dual 120mm case fans front/rear, Arctic Cooling Freezer 64 Pro, Zalman VF-900 on GPU
Memory:	2GB G.Skill DDR2 800
Video Card:	Sapphire X850XT @ 580/600
Hard Disk:	WD 160 GB SATA hard drive.
Optical Drive:	Lite-On DVD-RW.
CRT/LCD Model:	Hanns G 19" widescreen, 5ms response time, 1440x900
Case:	Thermaltake Soprano (black with side window).
Sound Card:	Soundblaster Live! 24 bit (paired with X-530 speakers).
PSU:	ThermalTake 430W TR2
Software:	XP Home SP2, can't wait for Vista SP1.

Feb 2, 2007, 07:02 PM	#14
lemonadesoda Eligible for custom title Join Date: Aug 2006 Posts: 5,337 (2.17/day) Thanks: 749 Thanked 960 Times in 710 Posts System Specs	AGREED, speech recog should not have such commands. It should be to "enchance" not substitute use of keyboard and mouse. It should therefore be to improve workflow of common tasks, e.g. the user selects some text, and says "bold"... and hey presto, the format changes. That saves a lot of mouse movement or key clicks. But file commands... NO. Not unless it is designed for special purpose needs like "advanced handicapped input" for blind people. However, all it takes is for a meanie to walk into their room and say; "change password to Supercalifragilisticexpialidocius-muhaha-muhaha" followed by "Supercalifragilisticexpialidocius-muhaha-muhaha" "yes" "delete all pictures" "all" "delete all documents" "all" "logoff" OUCH Last edited by lemonadesoda; Feb 2, 2007 at 07:19 PM.

Feb 3, 2007, 12:37 AM	#16
Mussels Doctor Moderator Join Date: Oct 2004 Location: Bendigo, Australia (NOT THE USA) Posts: 34,561 (10.96/day) Thanks: 3,700 Thanked 8,697 Times in 6,394 Posts System Specs	"But i dont wanna format my C: drive!" Vista hears ' Format C:' Gotta admit - its bloody funny. __________________ Edumacational thread about PC Audio My external HDD's.5x samsung 1TB + 2x Seagate 1.5TB = 8 TB external storage 32 Bit OS vs 64 bit OS information How to get hardware accelerated H264 playback (DXVA) Netbook Owners United!

System Name:	Real Men use Real Cores!
Processor:	Phenom II x6 1090T: 3600Mhz undervolted (NB+HT at 2.6)
Motherboard:	Gigabyte 890FXA-UD5
Cooling:	Thermalright Ultra 120 Extreme (Lapped + ducted)
Memory:	8GB Corsair Dominator DDR3 - 1600Mhz 7-7-7-20 1.65V
Video Card:	AMD Radeon 5870 1GB Crossfire
Hard Disk:	Intel 520 SSD (120GB), 500GB OS + 18TB of storage (mostly external)
Optical Drive:	Samsung Blu Ray drive (SH-B083A)
CRT/LCD Model:	23.6" Samsung 1080P / Samsung 40" HDTV - 1360x768P
Case:	Coolermaster CM 690 II Advanced (non window)
Sound Card:	Auzentech X-Mystique (Logitech Z5500D + sennheiser HD555 + RE2's)
PSU:	Corsair HX 1000W
Software:	Windows 7 Ultimate x64 - kaspersky internet security 2013
Benchmarks:	Laptop: AMD A6 APU 1.4GHz @2.2GHz quad core + APU crossfire.Iphone 5, Samsung galaxy tab 2 7"

Processor:	i7 2600k@4.6ghz
Motherboard:	MSI z68ma-ed55
Cooling:	Silentx Extreem 120mm
Memory:	2x4gb XMS 7-8-7-20 1600
Video Card:	HD6870
Hard Disk:	2x128gb Kingston Hyper-X (Raid0), 2x750gb RE3 (RAID1), 2x750gb RE3 (RAID1)
Optical Drive:	24x DVDR-DL LG SATA
CRT/LCD Model:	Soyo 24", Gateway 22"
Case:	Fractal Design Arc Mini 6x120mm fans.
Sound Card:	Onboard
PSU:	Zalman 750w
Software:	Windows 7

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)