Microsoft talks down speech recognition bug

By Clement James
Feb 5, 2007 9:22 AM
Tags: microsoft | talks | speech | recognition | bug

Vista feature could be used to hijack a PC.

Microsoft has admitted that the speech recognition feature in Windows Vista could be used to hijack a PC running the operating system.

The company said in a posting on the Microsoft Security Response Centre blog that an issue has been identified in which an attacker could use the speech recognition capability to cause the system to take "undesired actions".

"While it is technically possible, there are some things that should be considered when trying to determine the threat of exposure to your Windows Vista system," the posting said.

In order for the attack to be successful, Microsoft claimed that the targeted system would need to have the speech recognition feature previously activated and configured.

The system would also need to have speakers and a microphone installed and turned on.

The exploit would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete' or 'shutdown'.

The vulnerability relies on commands coming from an audio file being played through the speakers, and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation.

It is not possible through the use of voice commands to get the system to perform privileged functions, such as creating a user, without being prompted by Microsoft's User Account Control (UAC) for Administrator credentials. 

"The UAC prompt cannot be manipulated by voice commands by default," said the blog posting.

"There are also additional barriers that would make an attack difficult, including speaker and microphone placement, microphone feedback and the clarity of the dictation."
  • Email a Friend
  • Print Page
Microsoft talks down speech recognition bug
Related Listings
 

Copyright ©v3.co.uk

 


Comments

Be the first to comment on this article.
Thoughts on this article? Add a comment below.
Comment:
Want to participate in the discussion?
Or log in now to comment


Top Stories
Interview: Peter Kazacos and the "wild west" of IT
CRN talks to Hostech chairman and industry veteran, Peter Kazacos.
 
Oceanus acquires IBM partner Erilis
Oceanus enters Australian market with acquisition.
 
Photos: Lenovo CEO awards Australian partners
Lenovo invited 120 business partners to a gala dinner at Sydney's Sergeants Mess in Chowder Bay last night.

Captions: From left to right
 
Shortcutsall you need to know on...
  • NBN 
  • Windows 7 
  • Unified Communications 
  • Smart Power 
  • Virtualisation 
Latest Comments
"Just a couple of minor corrections to the article. Editure is a Melbourne based company with a ..."
by Glen Gibson Mar 18, 2010 10:56 PM
 
"This result is the law! It even applies to the small telco sellers in the mall of a shopping ..."
by peter Mar 18, 2010 9:10 PM
 
"Additionally, any small business with growth (and competition) on their mind would do well to ..."
by bld Mar 16, 2010 9:54 PM
 
"Finally on line retailers having to behave like retailers. I have purchased quite a lot from ..."
by tonyh Mar 16, 2010 5:01 PM
 
"Lenovo products are excellent, even after moving away from the traditional IBM regime. All our ..."
by em3 Mar 16, 2010 3:44 PM
Polls
Have you experienced a problem when returning faulty goods to online retailers?


   |   View results
Never
  20%
 
Only once
  20%
 
All the time
  60%
TOTAL VOTES: 5

Vote now
CRN Magazine

Issue: 277 | March, 2010

CRN Magazine looks in-depth at the emerging issues and developments for the Channel, and provides insight, analysis and strategic information to help resellers better run their businesses.