A Security Flaw in Windows Vista Speech Recognition Feature

According to a recent article in Information Week, the speech recognition feature in Microsoft's new OS, Windows Vista, contains a major security flaw. Apparently, pranksters were able to execute commands on a PC from a remote location by using audio files hosted on a website. For example, the audio file can say "shut down," "copy" and "delete," and the PC executes these commands. There were even some reports that a person was able to create a recording that downloaded and executed a file from the Internet. Now that can be scary!

While Microsoft downplays this flaw, it clearly shows that a PC running Windows Vista (with the speech recognition feature activated) is highly vulnerable. Thus far, Microsoft has not offered a security advisory regarding this flaw, but user groups are suggesting that Vista users change the settings so the speech recognition feature does not automatically load when the OS boots. The security flaw can easily be remedied with education and a simple adjustment of the OS settings. I think the larger impact is that this sheds light on the vulnerability and power of voice applications and, as a result, more pranksters and fraudsters will be attracted to the relatively untapped area of voice applications. This can potentially lead to an uptick in vishing attacks, as well as an increase in the number of attacks on corporate voice applications.
The article can be found on http://www.informationweek.com/showArticle.jhtml;jsessionid=HEVAEGZT4AK2...

Comments

One step forward, two steps back

It's a blessing and two curses to have Microsoft championing speech and integrating it so completely into the new suite of Vista-based productivity software. The blessing comes from the way it will blanket the world with speech-enabled applications that people use every day and fulfill on Bill Gates' vision of a much user interface that responds to spoken commands. He told John Stuart that Paul Allen and he discussed such possibilities back when they first thought of the perfect personal OS. Of course, both of them thought we'd have rocket packs by now. The double curse involves the high profile that Microsoft lends to everything it bundles into Big Launches and the fact that all of its new systems are Hacker Magnets. As you note, it's all easily fixed. Soon we'll have hardened, speech-enabled applications. . . And Rocket Pacs(TM)

Dan Miller

I heard that there can not

I heard that there cannot be any flaw but it turns out it helps its faults :(

Pitstop software