1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Vista Speech Recognition Flaw

Discussion in 'News' started by Jimmy 2004, Feb 2, 2007.

  1. Jimmy 2004

    Jimmy 2004 New Member

    Joined:
    Jan 15, 2005
    Messages:
    5,491 (1.55/day)
    Thanks Received:
    267
    Location:
    England
    Three days after being released, the first major flaw has been published for Windows Vista. For anyone with speech recognition enabled, malicious websites or audio files could potentially give commands to hijack the PC and tell it to delete files. It works by playing commands such as shutdown, copy or delete through the speakers which could then be picked up by the microphone, causing the computer to carry out certain tasks. Microsoft admits that the exploit is “technically possible” but doesn’t see it as a major problem. This flaw is more down to new features than problems with the coding of Vista, and it shouldn’t be a problem for most people.

    Source: BBC News
     
  2. EviLZeD

    EviLZeD New Member

    Joined:
    Sep 14, 2006
    Messages:
    818 (0.28/day)
    Thanks Received:
    47
    hehe vista is so stable and bug free
     
  3. EastCoasthandle

    EastCoasthandle New Member

    Joined:
    Apr 21, 2005
    Messages:
    6,889 (2.00/day)
    Thanks Received:
    1,505
    This makes using AIM, yahoo messenger, etc a cautious thing indeed when speech recognition is enabled. Using the mic feature in these online chatting programs can re-create this very problem.

    For example, you decide you want to use the mic feature instead of text messaging and you say:
    opposing user's response when balloon pops up on screen = :wtf: "how did you do that?"
    opposing user's response = :twitch: "wait, stop that!"
    [user disconnected]

    Wash, rinse, repeat.
     
  4. bhaskar15 New Member

    Joined:
    Dec 17, 2006
    Messages:
    146 (0.05/day)
    Thanks Received:
    0
    hmm,this flaw isn't a risk for me. I mostly never use speech recognition while online.
     
  5. tigger

    tigger I'm the only one

    Joined:
    Mar 20, 2006
    Messages:
    10,183 (3.28/day)
    Thanks Received:
    1,399
    i wont use speech anyway.and anyone remember how many bugs xp had at first?

    i'm using it as my primary os now too.it seems ok to me.
     
  6. Benpi New Member

    Joined:
    Dec 14, 2006
    Messages:
    415 (0.15/day)
    Thanks Received:
    3
    LoL, this isn't a hack. So basically if someone puts an audio clip on their website that says "Open My Docuoments, Delete, Empty Recycle Bin" and your speakers are loud enough to be picked up by a mic, and you happen to have voice recognition on, you'll lose your documents folder...... people just try to find things to write stories about. This is retarded.
     
  7. lemonadesoda

    lemonadesoda

    Joined:
    Aug 30, 2006
    Messages:
    6,252 (2.12/day)
    Thanks Received:
    963
    This is hilarious! Can't imagine that Vista programmers were so short sighted. Easily solved with a patch. No speech recognition (command recognition) if SOUND OUT (no mic when playing). Easy to implement.
     
  8. WarEagleAU

    WarEagleAU Bird of Prey

    Joined:
    Jul 9, 2006
    Messages:
    10,797 (3.60/day)
    Thanks Received:
    546
    Location:
    Gurley, AL
    Thats funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.
     
  9. Alec§taar New Member

    Joined:
    May 15, 2006
    Messages:
    4,677 (1.53/day)
    Thanks Received:
    94
    Location:
    Someone who's going to find NewTekie1 and teach hi
    "StRaNgE & UnUsUaL" attack vectors abound...

    :)

    * Odd, I agree, but VERY possible!

    APK
     
  10. Sasqui

    Sasqui

    Joined:
    Dec 6, 2005
    Messages:
    7,644 (2.38/day)
    Thanks Received:
    1,402
    Location:
    Manchester, NH
    Good point - remember history!!! (It almost ALWAYS repeats itself).
     
  11. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,887 (3.94/day)
    Thanks Received:
    11,639
    so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?
     
  12. Alec§taar New Member

    Joined:
    May 15, 2006
    Messages:
    4,677 (1.53/day)
    Thanks Received:
    94
    Location:
    Someone who's going to find NewTekie1 and teach hi
    Aha! See?

    :)

    * PROOF, that it "comes w/ the territory" in this field, that being a "Sci-Fi" fan IS truly, part of the mixture required... & that I am NOT THE ONLY ONE!

    (LOL!)

    APK
     
  13. zekrahminator

    zekrahminator McLovin

    Joined:
    Jan 29, 2006
    Messages:
    9,114 (2.89/day)
    Thanks Received:
    321
    Location:
    My house.
    :roll: You know, speech recognition shouldn't be allowed to do those functions anyways.
     
  14. lemonadesoda

    lemonadesoda

    Joined:
    Aug 30, 2006
    Messages:
    6,252 (2.12/day)
    Thanks Received:
    963
    AGREED, speech recog should not have such commands. It should be to "enchance" not substitute use of keyboard and mouse. It should therefore be to improve workflow of common tasks, e.g. the user selects some text, and says "bold"... and hey presto, the format changes. That saves a lot of mouse movement or key clicks.

    But file commands... NO. Not unless it is designed for special purpose needs like "advanced handicapped input" for blind people. However, all it takes is for a meanie to walk into their room and say;

    "change password to Supercalifragilisticexpialidocius-muhaha-muhaha" followed by

    "Supercalifragilisticexpialidocius-muhaha-muhaha"

    "yes"

    "delete all pictures"

    "all"

    "delete all documents"

    "all"

    "logoff"

    OUCH :roll:
     
    Last edited: Feb 2, 2007
  15. Jimmy 2004

    Jimmy 2004 New Member

    Joined:
    Jan 15, 2005
    Messages:
    5,491 (1.55/day)
    Thanks Received:
    267
    Location:
    England
    It is true that this isn't actually Microsoft messing up so much as the fact that people won't bother exploiting things until they become mainstream - Firefox is (was?) a good example of this. Now it is actively being hacked, which is why it is relatively less secure than it used to be, same goes for voice control.

    I think you guys are right - built in voice control shouldn't have such power... but then again, to stop things like this you would need to prevent it doing certain tasks from a command prompt ect. and you can see it might get difficult to prevent all the apps that might have the ability to delete files.
     
  16. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,225 (11.61/day)
    Thanks Received:
    9,527
    "But i dont wanna format my C: drive!"

    Vista hears ' Format C:'

    Gotta admit - its bloody funny.
     
  17. Lazzer408

    Lazzer408

    Joined:
    Jan 6, 2007
    Messages:
    2,547 (0.90/day)
    Thanks Received:
    338
    Location:
    Illinois
    Yes and I also remember how much faster XP was before they "patched" all the "bugs". Maybe these "updates" are an excuse to modify a value on the "hidden system latency timer". :rolleyes: If Vista is such a pig now I can't imagine how slow it'll be after a few updates.

    I don't think Vista will actually execute system commands from a voice command without some sort of verification prompt...can it? If so that's a major fuk-up on Micro$haft's part.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page