“Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders. Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail,” BBC News reports.
The Beeb reports, “In one scenario outlined by users a MP3 file of voice instructions was used to tell the PC to delete documents.”
“Microsoft said the exploit was ‘technically possible’ but there was no need to worry,” The Beeb reports.
The Beeb reports, “Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable. Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.”
Full article here.
Microsoft Vista Speech Demo:
MacDailyNews Note: Apple Macs have long had such speech recognition features, since well before Mac OS X debuted. Apple’s Speech Recognition method by default listens only if user-assignable key is pressed on the keyboard or if a specific user-assignable keyword is spoken before each command. An option does exist to allow Mac OS X to listen continuously with the keyword as “optional before commands.”
Apple recommends in their Mac OS X Security Configuration For Version 10.4 or Later document (a document we highly recommend that all Mac OS X Tiger users read): Mac OS X includes speech recognition and text to speech features, which are disabled by default. You should only enable these features if you’re working in a secure environment where no one else can hear you speak to the computer, or hear the computer speak to you. Also make sure there are no audio recording devices that can record your communication with the computer.
To securely configure Mac OS X Tiger’s Speech preferences:
1. Open Speech preferences.
2. Click the Speech Recognition pane, and set Speakable Items On or Off. Change the settings according to your environment.
3. Click the Text to Speech pane, and change the settings according to your environment.
Apple’s advice on Securing Universal Access Preferences:
Universal Access preferences are disabled by default. If you don’t use an assistive device, there are no security-related issues. However, if you do use an assistive device, follow these guidelines:
• See the device manual for prevention of possible security risks.
• Enabling VoiceOver configures the computer to read the contents under the cursor out loud, which might inadvertently disclose confidential data.
• These devices allow access to the computer that could reveal information in an compromising manner.
More about Apple’s Mac OS X Speech feature here.
More about Apple’s Mac OS X VoiceOver feature here.
See VoiceOver in action via QuickTime movie here.
[UPDATED: 5:35pm EST: Added Microsoft Vista Speech Demo video.]
Related article:
Microsoft Windows Vista demo goes bad – July 29, 2006
Setting up a brand spanking new HP laptop with Vista for office worker. Took almost 30 minutes for Vista to start-up the first time after doing some self-configuration stuff. After that, there were 13 Vista updates (mostly security) to do, then Norton kicked in to do its own updating. There goes 2 hours of my life.
This is supposed to be a leap ahead for Windows users? Sheesh.
And get this… to upgrade Vista Home Premium to Business costs C$250, just for some needed networking stuff. Outrageous greed-driven rip-off.
Talk about lipstick on a pig. MS will never get it.
Happy MacBook Pro user.
Been using Vista for three weeks at work. Got my (free) Vista upgrade today from Dell and installed it in my Inspiron. Took about 45 minutes, one reboot and I’m up and running.
Vista is not only a leap ahead of Windows XP, it makes OS X look rather dated and obsolete.
Happy Vista user.
Ohh, I want Vista speech recognition in my Atom. http://forum.atomclub.com/ That way it can be hijacked with a simple voice command.
Ballmer: “No operating system is as secure as it can be.”
PS Users: “OK, but is Vista as secure as it should be?”
Ballmer: “Next question.”
To OzzysZross101: Suggest you go look up the word “irony”.
Wouldnt it be great if you could just tell it to “delete Vista and install Mac OS X”.
M$’s new OS is 1 day old on retail release and it’s already fucked up…
…nothing new there I suppose (it is a Microsoft product after all).
rofl!!
HA HA HA HA HA HA HA … FORMER MAC USER is an anagram for FORUM SCREAMER
Try this A stuck fiver anagram.
Another anagram to try:
“Wow. Droll Snit.”
Devious interloper: “Delete file Finances 2007.”
Vista: “Delete Fine ants eleven.”
Devious interloper: “Delete file Finances.”
Vista: “Eat Thin pansies.”
Devious interloper: “Delete folder Finances 2007.”
Vista: “Defeat pin dances.”
Devious interloper: “Egads, Microsoft has the toughest security system ever.”
Vista: “Hags Microsoft Budapest immaturity blubber.”
Freakin’ brilliant!
Huh?: That was hysterical!
“Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.”
Definitely, these guys in Redmond do understand security!
pfffftttt
euhhhhoee pfffFEFFFFFFFTTTTTT
UHAHAHAHAHHAUHHAUHUHAHHAHAHAHUHAHHUHHAHHHHAHHHAHAHA
What a disgrace.
Unsquirted:
It seems that Microsoft has serendipitously generated a security feature that bests 128-bit encryption. Sadly, the most gifted minds in computer and electrical sciences today cannot fathom how this gibberish is actually produced. The most promising idea is the “Idiot Savant Hypothesis” that states the compilation of badly written code generates a subroutine of incredible resonance and mathematical complexity that performs a single function inexplicably yet flawlessly. Testing continues to see if other copies of Windows share this same phenomenon. To date, this is the only feature of Windows that has received an accredited “Wow!” certification by the American Society of Electrical and Computer Engineering.
Whahaha. Imagine the PC literally deleting itself. And then imagine it’s Steve Ballmer’s PC. With Steve Ballmer sitting in front of it. Whahahaha. Oh Lordy.