“Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders. Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail,” BBC News reports.
The Beeb reports, “In one scenario outlined by users a MP3 file of voice instructions was used to tell the PC to delete documents.”
“Microsoft said the exploit was ‘technically possible’ but there was no need to worry,” The Beeb reports.
The Beeb reports, “Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable. Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.”
Full article here.
Microsoft Vista Speech Demo:
MacDailyNews Note: Apple Macs have long had such speech recognition features, since well before Mac OS X debuted. Apple’s Speech Recognition method by default listens only if user-assignable key is pressed on the keyboard or if a specific user-assignable keyword is spoken before each command. An option does exist to allow Mac OS X to listen continuously with the keyword as “optional before commands.”
Apple recommends in their Mac OS X Security Configuration For Version 10.4 or Later document (a document we highly recommend that all Mac OS X Tiger users read): Mac OS X includes speech recognition and text to speech features, which are disabled by default. You should only enable these features if you’re working in a secure environment where no one else can hear you speak to the computer, or hear the computer speak to you. Also make sure there are no audio recording devices that can record your communication with the computer.
To securely configure Mac OS X Tiger’s Speech preferences:
1. Open Speech preferences.
2. Click the Speech Recognition pane, and set Speakable Items On or Off. Change the settings according to your environment.
3. Click the Text to Speech pane, and change the settings according to your environment.
Apple’s advice on Securing Universal Access Preferences:
Universal Access preferences are disabled by default. If you don’t use an assistive device, there are no security-related issues. However, if you do use an assistive device, follow these guidelines:
• See the device manual for prevention of possible security risks.
• Enabling VoiceOver configures the computer to read the contents under the cursor out loud, which might inadvertently disclose confidential data.
• These devices allow access to the computer that could reveal information in an compromising manner.
More about Apple’s Mac OS X Speech feature here.
More about Apple’s Mac OS X VoiceOver feature here.
See VoiceOver in action via QuickTime movie here.
[UPDATED: 5:35pm EST: Added Microsoft Vista Speech Demo video.]
Related article:
Microsoft Windows Vista demo goes bad – July 29, 2006