
Vista Speech Recognition Flaw

Jimmy 2004

#1
Three days after being released, the first major flaw has been published for Windows Vista. For anyone with speech recognition enabled, malicious websites or audio files could potentially give commands to hijack the PC and tell it to delete files. It works by playing commands such as shutdown, copy or delete through the speakers which could then be picked up by the microphone, causing the computer to carry out certain tasks. Microsoft admits that the exploit is “technically possible” but doesn’t see it as a major problem. This flaw is more down to new features than problems with the coding of Vista, and it shouldn’t be a problem for most people.

 

EviLZeD

#2
Hehe, Vista is so stable and bug free
 
#3
This makes using AIM, Yahoo Messenger, etc. a cautious thing indeed when speech recognition is enabled. Using the mic feature in these online chatting programs can re-create this very problem.

For example, you decide you want to use the mic feature instead of text messaging and you say:
Delete C.....
opposing user's response when balloon pops up on screen = :wtf: "how did you do that?"
......YES, continue
opposing user's response = :twitch: "wait, stop that!"
[user disconnected]

Wash, rinse, repeat.
 

bhaskar15

#4
Hmm, this flaw isn't a risk for me. I mostly never use speech recognition while online.
 

tigger

#5
I won't use speech anyway. And anyone remember how many bugs XP had at first?

I'm using it as my primary OS now too. It seems OK to me.
 

Benpi

#6
LoL, this isn't a hack. So basically if someone puts an audio clip on their website that says "Open My Documents, Delete, Empty Recycle Bin" and your speakers are loud enough to be picked up by a mic, and you happen to have voice recognition on, you'll lose your documents folder...... people just try to find things to write stories about. This is retarded.
 
#7
This is hilarious! Can't imagine that Vista programmers were so short sighted. Easily solved with a patch. No speech recognition (command recognition) if SOUND OUT (no mic when playing). Easy to implement.
 

WarEagleAU

#8
That's funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.
 

Alec§taar

#9
That's funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.
"StRaNgE & UnUsUaL" attack vectors abound...

:)

* Odd, I agree, but VERY possible!

APK
 
#10
I won't use speech anyway. And anyone remember how many bugs XP had at first?

I'm using it as my primary OS now too. It seems OK to me.
Good point - remember history!!! (It almost ALWAYS repeats itself).
 

W1zzard

#11
so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?
 

Alec§taar

#12
so you bring a borg infected tape recorder onto the enterprise and it plays back "initiate self destruct sequence" ?
Aha! See?

:)

* PROOF, that it "comes w/ the territory" in this field, that being a "Sci-Fi" fan IS truly, part of the mixture required... & that I am NOT THE ONLY ONE!

(LOL!)

APK
 
#13
:roll: You know, speech recognition shouldn't be allowed to do those functions anyways.
 
#14
AGREED, speech recog should not have such commands. It should be to "enhance" not substitute use of keyboard and mouse. It should therefore be to improve workflow of common tasks, e.g. the user selects some text, and says "bold"... and hey presto, the format changes. That saves a lot of mouse movement or key clicks.

But file commands... NO. Not unless it is designed for special purpose needs like "advanced handicapped input" for blind people. However, all it takes is for a meanie to walk into their room and say;

"change password to Supercalifragilisticexpialidocius-muhaha-muhaha" followed by

"Supercalifragilisticexpialidocius-muhaha-muhaha"

"yes"

"delete all pictures"

"all"

"delete all documents"

"all"

"logoff"

OUCH :roll:
 

Jimmy 2004

#15
That's funny. I never thought about it like that. I wonder if this means that Dragon Naturally Speaking (which I think I bought version 4.0 from AOL a loooong time ago) has the same capacity to do such destruction.
It is true that this isn't actually Microsoft messing up so much as the fact that people won't bother exploiting things until they become mainstream - Firefox is (was?) a good example of this. Now it is actively being hacked, which is why it is relatively less secure than it used to be, same goes for voice control.

I think you guys are right - built-in voice control shouldn't have such power... but then again, to stop things like this you would need to prevent it doing certain tasks from a command prompt etc. and you can see it might get difficult to prevent all the apps that might have the ability to delete files.
 

Mussels

#16
"But I don't wanna format my C: drive!"

Vista hears 'Format C:'

Gotta admit - it's bloody funny.
 
#17
I won't use speech anyway. And anyone remember how many bugs XP had at first?

I'm using it as my primary OS now too. It seems OK to me.
Yes and I also remember how much faster XP was before they "patched" all the "bugs". Maybe these "updates" are an excuse to modify a value on the "hidden system latency timer". :rolleyes: If Vista is such a pig now I can't imagine how slow it'll be after a few updates.

I don't think Vista will actually execute system commands from a voice command without some sort of verification prompt...can it? If so that's a major fuk-up on Micro$haft's part.
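
The mitigations raised in posts #7, #14 and #17 (ignore the microphone while the PC itself is playing sound, keep destructive commands away from plain voice control, and require a confirmation that voice cannot supply), sketched as an added example that is not part of the thread and not Microsoft's code. The command lists, the `Utterance` type, the `gate` function and the sample events are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Assumed command classes for illustration; not Vista's real speech grammar.
SAFE = {"bold", "italic", "scroll down"}
DESTRUCTIVE = ("delete", "format", "shutdown", "change password", "empty recycle bin")

@dataclass
class Utterance:
    t: float      # seconds since session start
    text: str     # what the recognizer heard (or what was typed)
    source: str   # "mic" or "keyboard"

def playing_at(t, playback, guard=0.5):
    """True if the PC's own audio output overlaps time t, plus a guard band."""
    return any(start - guard <= t <= end + guard for start, end in playback)

def gate(events, playback):
    """Decide what happens to each event; returns a list of (command, decision)."""
    decisions, pending = [], None
    for ev in events:
        text = ev.text.lower().strip()
        if ev.source == "keyboard":
            # Only a typed answer can release or cancel a held command.
            if pending is not None:
                decisions.append((pending, "executed" if text == "yes" else "cancelled"))
                pending = None
        elif playing_at(ev.t, playback):
            decisions.append((text, "dropped: audio output active"))
        elif text.startswith(DESTRUCTIVE):
            pending = text
            decisions.append((text, "held: needs keyboard confirmation"))
        elif text in SAFE:
            decisions.append((text, "executed"))
        else:
            decisions.append((text, "ignored"))  # includes a spoken "yes"
    return decisions

# Constructed sample: a web page plays an audio clip from t=10s to t=14s.
PLAYBACK = [(10.0, 14.0)]
EVENTS = [
    Utterance(3.0, "bold", "mic"),                   # user formatting text
    Utterance(11.0, "delete all documents", "mic"),  # speaker picked up by mic
    Utterance(20.0, "delete all documents", "mic"),  # someone else in the room
    Utterance(21.0, "yes", "mic"),                   # spoken confirmation attempt
    Utterance(25.0, "no", "keyboard"),               # owner declines at the prompt
]

if __name__ == "__main__":
    for command, decision in gate(EVENTS, PLAYBACK):
        print(f"{command!r}: {decision}")
```

Suppressing recognition during playback only covers sound produced by the same machine; the keyboard-only confirmation is what stops commands spoken by another person or device in the room.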