“Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders. Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail,” BBC News reports.
The Beeb reports, “In one scenario outlined by users an MP3 file of voice instructions was used to tell the PC to delete documents.”
“Microsoft said the exploit was ‘technically possible’ but there was no need to worry,” The Beeb reports.
The Beeb reports, “Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable. Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.”
Full article here.
Microsoft Vista Speech Demo:
MacDailyNews Note: Apple Macs have long had such speech recognition features, since well before Mac OS X debuted. By default, Apple’s Speech Recognition listens only while a user-assignable key is pressed on the keyboard or when a specific user-assignable keyword is spoken before each command. An option does exist to allow Mac OS X to listen continuously with the keyword as “optional before commands.”
Apple recommends in their Mac OS X Security Configuration For Version 10.4 or Later document (a document we highly recommend that all Mac OS X Tiger users read): Mac OS X includes speech recognition and text to speech features, which are disabled by default. You should only enable these features if you’re working in a secure environment where no one else can hear you speak to the computer, or hear the computer speak to you. Also make sure there are no audio recording devices that can record your communication with the computer.
To securely configure Mac OS X Tiger’s Speech preferences:
1. Open Speech preferences.
2. Click the Speech Recognition pane, and set Speakable Items On or Off. Change the settings according to your environment.
3. Click the Text to Speech pane, and change the settings according to your environment.
Apple’s advice on Securing Universal Access Preferences:
Universal Access preferences are disabled by default. If you don’t use an assistive device, there are no security-related issues. However, if you do use an assistive device, follow these guidelines:
• See the device manual for prevention of possible security risks.
• Enabling VoiceOver configures the computer to read the contents under the cursor out loud, which might inadvertently disclose confidential data.
• These devices allow access to the computer that could reveal information in a compromising manner.
More about Apple’s Mac OS X Speech feature here.
More about Apple’s Mac OS X VoiceOver feature here.
See VoiceOver in action via QuickTime movie here.
[UPDATED: 5:35pm EST: Added Microsoft Vista Speech Demo video.]
Related article:
Microsoft Windows Vista demo goes bad – July 29, 2006
Let’s get Bill back on the Today Show to explain these innovative, first-to-market Vista features.
I got shafted by Microsoft! WOW!
My files are deleted! WOW!
I spent my kids’ food money on Vista just to get screwed! WOW!
I upgraded my PC and I still have to deal with Windows insecurities! WOW!
I’m just a tool of Microsoft! WOW! WOO. BOO. BOO HOO HOO.
Some clever malware creator should make a self-playing MP3 file that tells the PC to go to the online Apple Store and buy a Mac for its user.
Unfortunately for Microsoft, most of the “innovations” in the Land of Windows are coming from the people who create Windows malware. But MS should take the credit for making the exploits so easy (and humorous).
I also heard that if told, the Vista PC could tell itself to “Go fu*k yourself”
While I realise this is a real issue, it strikes me as a bit FUDDY. I don’t think Mac users have to stoop too low to get the message out that Windows just isn’t necessary, plain and simple, and highly undesirable in a lot of ways.
This of course assumes that Vista speech recognition actually works.
Given previous demonstrations of Microsoft speech recognition, I don’t think anyone has anything to worry about.
Of course, if the voice from the malicious web site sounded like a Klingon with a head cold breathing helium, there is a chance that Vista would recognize that as the command to reformat your hard drive.
How nice that Microsoft thinks it would be likely that the user would be in the room so that he or she could actually hear AND see the files being deleted and the trash (I’m sorry, the recycle bin) being emptied. How many people would be able to react quickly enough to a voice command to stop such actions from happening? By the time the user figured out what was going on, it’s too late.
At least they would know what happened.
“I wonder if Vista can tell itself not to suck”
LOOOLLL
THAT is funnier’n HELL!!
must..not…laugh…
LOLOLOLOLOLOLOLOLOLOLOLOLLOLOL!!!!!!!!!!!!!!!!!!
(sorry, couldn’t help myself).
Jatt: Thank you. But I was referring to BG’s comment that the Vista flaw was no big deal because a user would almost always be in the room to hear the commands. If I left my office (without manually activating the SS), there’d be up to 15 minutes with no one in my office. I was saying BG was flat wrong to say a Doze user would always be nearby to hear the commands. Not in my example, particularly as I have a full office (not a cubicle) with a door. Close the door and you could do what you wanted to do on my Dozer.
M.I. IV: Redmond’s Revenge
“Your hard drive will self-destruct in five seconds.”
Yet more pro-Microsoft FUD from the lefty-commie islamic-terrorist atheist bad-teethed liberal-Brit BBC.
Reality Check,
That’s pretty funny.
I remember a joke from the pre-Windows DOS days. Bill Gates gets up to demonstrate the new voice recognition software for MS-DOS. Someone from the audience yells out “C colon backslash enter” and then another audience member yells out “delete star dot star enter”.
Wow.
They were right, wow.
“PC – delete thyself”
i miss the days when i used to say “my voice is my password!” to sign in to my machine.
Isn’t this a VISTA uninstall feature?
I’m sure I saw it listed somewhere in the feature list.
Reality Check, could you use any more journalistic buzzwords?
Maybe they’re not considered buzzwords, per se, but the way I see (and hear) it, people over-use words like terrorist, rape, nazi, communist, etc. and have absolutely no idea what the true meaning of those words is, and that they all don’t always apply in all situations.
But, as long as they feel smart using them, they will.
As for the exploit- Wow. It has started now.
MW: Can’t wait to see what new “features” are in the rest of Vista!
Wait until it can tell itself to turn ON - now that will be scary!
“Computer: show me a joke.”
Boot Camp goes into Vista…
PC says: “Bill__Gate__is__the__Devil__and__Steve__Ballmer__is__Uncle__Fester.”
Microsoft: You’re rut. Our revenue stream.
I just NEVER get tired of that video. =)