Vista Speech Recognition has Flaw

Vista Speech Recognition has Flaw

Techtree News Staff, Feb 02, 2007 1712 hrs IST

Reportedly, a flaw has been detected in Microsoft's Vista operating system that could allow remote attackers to take advantage of the speech recognition feature.

E-Mail Print

Reportedly, a flaw has been detected in Microsoft's Vista operating system that could allow remote attackers to take advantage of the new system's speech recognition feature.

Microsoft said that its researchers are investigating the reports of a vulnerability that could allow an attacker to use the speech recognition feature to run malicious programs on Vista systems using prerecorded verbal commands.

The company also said that the speech recognition flaw is novel and notable for being the first publicized flaw in the new operating system since the public launch of Vista earlier this week.

It is, however, learnt that the impact of the flaw is expected to be small. Vista users would need to have the speech recognition feature enabled and have a microphone and speakers connected to their system.

Successful attackers would need to be physically present at the machine, or figure out a way to trick the computer's owner to download and play an audio recording of the malicious commands. But even then, the commands would somehow have to be issued without attracting the attention of the computer's owner. And finally, attackers' commands are limited to the access rights of the logged-on user, which might prevent access to any administrative commands.

A Microsoft security researcher also pointed out that verbal commands could not be used for privileged functions such as creating a new user or formatting a drive. Besides, there are also additional barriers that would make an attack difficult including speaker and microphone replacement, microphone feedback, and the clarity of the dictation.

Microsoft has also recommended that users who are concerned about having their computer shout-hacked should either disable the speaker or microphone, turn off the speech recognition feature, or shut down Windows Media Player if they encounter a file that tries to execute voice commands on their system.

Meanwhile, customers who believe that they have been shout-hacked can contact Microsoft Product Support Services.



(All fields are mandatory.)

Text Limit = 255 Characters

Type the characters you see in the picture below.

#

Characters are not case sensitive.

USER COMMENTS

Also, without innovation, technology would never move forward. Whether the change is good or bad, things must change in order to find a better way. I am all up for innovation and the competitiveness of Microsoft vs Apple vs Linux...we are all reaping the benefits of their competition and innovations! Why stop at Win98? Why not just use Win3.1...or DOS even? Forget those, just use a Commodore 64. People think of Operating Systems as a "Finished Product". OSes are works in progress, and if people think of them that way, they may accept the changes easier, knowing there will be another major version a couple years later.

by Mal, San Diego, on Feb 03, 2007 09:10 AM, Report abuse   Reply

I'm not sure everyone shares the need for innovation. Most of what I need to do with a computer, I did on my Timex-Sinclair - most of the advances end up being an opportunity to play. If I didn't have a computer to play on, I might go outdoors and lose some weight. Point being, whether change = improvement is relative to the user. Viewing an OS as a work in progress is a sensible view, if in fact Microsoft worked progressively. I saw this story about a Vista flaw a month ago: http://www.msnbc.msn.com/id/16548318/ The thing that got me was this quote: "The flaw affects older Windows systems, too, and Hypponen said vulnerabilities like these are quite common and can be fixed with a software patch, which Microsoft releases on the second Tuesday of each month except for the most serious threats." If it affects older systems (plural!), presumably it was already known? How did Microsoft manage to ship Vista without addressing threats from past versions of Windows? Accidents will happen, but Microsot coders seem to spend a lot of time wandering in traffic.

by Thomas Westgard, Chicago, on Feb 05, 2007 01:56 AM, Report abuse

.....shout-hacked......HAHAHAHAHAHAHA!!!

by meh, haa, on Feb 03, 2007 11:01 AM, Report abuse   Reply

This is THE lamest attempt to report a flaw I have ever seen. I am not an MS or Apple pusher, they are both great products, I like them both for different reasons (and Linux too!) but seriously... So, the hacker has to be physically at the computer and somehow not attract the attention of its owner. I think the dude sitting on your lap might give this effort away. For all you Mac Fanboys out there, if this is a flaw, then all Macs...and pretty much ANY OS have basically the same flaw...if a hacker goes and is physically present at a Mac and tricks the owner into opening ANY program, like say Safari...and it opens! Then well, I guess the Mac is flawed. There's got to be a line of what people call certain things flaws when it should be the common sense of the person using the OS. I really like the hard drive swap comment below...that's a good one too. One more thing...if you "trick" the user into doing anything, the user is flawed and should be educated. What's the old saying, "Fool me once..."

by Mal, San Diego, on Feb 03, 2007 08:56 AM, Report abuse   Reply

why is it that you just get used to one win operating system,the they go and change it again,give me win 98 any day

by haz, leeds, on Feb 03, 2007 05:23 AM, Report abuse   Reply

So, it's taken you FIVE years to "finally" learn how to use Windows XP? What has you confused? The fact that they changed the START button into a picture of the Windows Logo? If that's far too much for you to comprehend, you can always change the Vista Theme and the Start button back to Classic Mode.

by Mal, San Diego, on Feb 03, 2007 08:37 AM, Report abuse

Who da thunk it!! Another Flawless O.S. brought to us by Brotha Bill. Glad I wasted my hard earned $ !! Thanks Bill !

by R. Grapes, Canal Fulton, on Feb 03, 2007 05:29 AM, Report abuse   Reply

Thats the stupidist report I've ever seen. This is even worse than the hundreds of reports about how "no one seems to care about vista" how is it no one cares when every day the articles about it MAKE THE DAMN FRONT PAGE. This is not a "hack" (though I do like the phrase "shout-hacked", its like saying someone could hack your computer if they took out your hard drive, put in another hard drive with windows...put a password on your account and set it to log off after being idle for 30 min and your safe...shit this is like publishing an article saying that Vista has been hacked because you walked up to your friends computer and logged onto his account because he didn't put a password on it. My god...why publish this. I'm sure its going to be all over the news when I get home too...

by Ian, Austin, on Feb 03, 2007 02:10 AM, Report abuse   Reply

Every time a Windows OS comes out, it has errors. Why can't they just fix them before they release it, instead of after you buy it? Long live the iMac!!

by Gary Montague, dallas, on Feb 02, 2007 05:50 PM, Report abuse   Reply

Your comparison of the tow is flawed: Windows is an OS, iMac is a computer. I take it you don't dowload any of Apple's Security Updates to apply to your iMac?

by Alex, Verona, on Feb 02, 2007 08:06 PM, Report abuse

Ya Like the Mac does not have its problems... ever notice that OS 10 has 2x to 3x the patches then the previous versions of the OS? Not to mention that the level of integration between the OS and hardware on the MAC prevents the needed flexibility for many apps.

by SMan, Toledo, on Feb 02, 2007 10:17 PM, Report abuse

Easy fix to this. It is called Anti-VOX. We use it in amateur radio for hands free operation. The idea is you feed back some of the speaker audio to the input out of phase so you don't detect it!

by Bruce G, Plainview, on Feb 02, 2007 09:36 PM, Report abuse   Reply

I have issues with MS like everyone else but this is ridiculous. IT IS LIKE SAYING THAT THERE IS A SECURITY FLAW IN THE COMPUTER MOUSE. IF SOMEONE COULD GAIN PHYSICAL ACCESS TO THE MOUSE, WITHOUT THE OWNER'S CONSENT, THE HACKER COULD THEN GAIN ACCESS TO THE SYSTEM. IN FACT, I THINK THIS MOUSE "HACK" WOULD BE EASIER THAN THE VOICE RECOGNITION "BACKDOOR" OUTLINE ABOVE BECAUSE YOU CAN PERFORM THIS MOUSE HACK WITHOUT TALKING AND CAUSING MORE ALARM ! Ha

by Troy Henley, Columbus, OH, on Feb 02, 2007 08:42 PM, Report abuse   Reply

Give me a break, this is not a FLAW, but a clever use to existing technology. People aren't exploiting backdoors or writing code to break into computers, it's a voice control system responding to VOICE CONTROLS. It's like a universal remote working on your TV. Get a grip and choose a different word to more accurately describe this 'flaw'

by Mike, Chicago, on Feb 02, 2007 07:07 PM, Report abuse   Reply

Come on guys. Its about high time that you stop depending on other TECH sites for these kind of news articles. I read this article on a very popular site about 2 days ago. And this isnt happening for the first time. Every day I come across atleast 4 to 5 articles which have been copied from the other site.

by Sam, Mumbai, on Feb 02, 2007 06:56 PM, Report abuse   Reply

Simply press the tiny red button with the tip of a pen. Now, while holding the red button down, use your other hand to turn the green lever on the back of the unit. The lever is spring-loaded, so you'll need to hold it in place while you perform the next action. Using your teeth, open the lid by biting the front edge and lifting upward. Now, with your foot, push down on the main part of the unit. Once it's open, turn the entire unit upside-down (you'll need to lie on your back to do this--if you let go of the button or the lever, the lid will snap back into place) and shake the entire unit furiously. Your prize should drop out. If you have any problems with this simple procedure, please call technical support.

by Mark F., Seattle, on Feb 02, 2007 06:53 PM, Report abuse   Reply

old new's boring, nothing we didnt no before, and pointless, just one more way to take a stap at MS. iff someone got attacked because of this flaw they should send the PC back to the store.

by mick, milwaukee, on Feb 02, 2007 06:18 PM, Report abuse   Reply

You know I love how it is always Window's fault. I'm not saying Windows doesn't have its faults but come on! Are we going to claim that any computer than can accept voice commands is vulnerable? Because I believe speech recognition software has been around far longer than Vista. But this only gets pointed out because it's Windows.

by Adam, Rochester, on Feb 02, 2007 06:07 PM, Report abuse   Reply

Old news....... The problem was there in RC2 also..... but not rectified till now ... but anyway thank techtree to highlite this, as it is not too late........

by subhadeep, Hyderabad, on Feb 02, 2007 06:01 PM, Report abuse   Reply

Big deal man ... wonder if any of you have actually read through the advisory

by anonymouse, a, on Feb 02, 2007 05:56 PM, Report abuse   Reply

HOT STUFF

Sauerbraten
Nokia N97: Powerful and Has Great Features

Sauerbraten
Samsung Star GT-S5233A: Affordable Touch Phone

Sauerbraten
Contest: Win Red Faction: Guerrilla!

Sauerbraten
Firefox 3.5: First Look

Sauerbraten
iPhone 3.0 Hands-on

Close[x]