Microsoft Vista Takes Orders From Anyone Who Yells At It
from the listen-up dept
As Microsoft pushes Vista out the door, the company has a lot riding on the claim that the new operating system is significantly better than previous versions of Windows, in terms of security. While there have been some scattered reports of flaws, which is always to be expected, many feel that the company has made good progress in securing its system. One new vulnerability comes from the fact that Vista has voice recognition capabilities, and that the user can speak commands to the computer through a microphone. George Ou decided to test the question of whether a website could play an audio file containing spoken commands and commandeer the user's computer. As it turns out, if the speech is clear enough, the computer will respond to commands that come out of its own speakers. The volume didn't even need to be too high. It's still not clear how much of a threat this really is. Many people won't even have this capability activated, and if you stumble onto a website that starts barking orders to your computer, you might realize something odd is going on. But, as with many online threats, an attacker doesn't need a high rate of success for a certain approach to be worthwhile. For Microsoft, it will probably be one of several security issues it will have to deal with down the road.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Speech recognition
[ link to this | view in chronology ]
When they had someone else voice, Vista didn't do anything.
Also is this any better then that Dragon software ?
[ link to this | view in chronology ]
WooT
Don't like my drm content? How about a track on a CD taht just lists a whole bunch of websites?
Nothing like a song singing about yahoo.com. how many browser windows can one song open? It can be like a contest amongst artists!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
That's cool. I hope the format command is not in the list of voice-activated ones.
"Please leave a message after the tone"
"FDISK!!"
[ link to this | view in chronology ]
what in hell
[ link to this | view in chronology ]
Re: what in hell
[ link to this | view in chronology ]
Vista voice recognition?
At this point in Vista's ability to recognize voice commands, I don't think I'd be too worried.
[ link to this | view in chronology ]
Tell you what. You type and I'll dictate into Dragon Naturally Speaking. Let's see who gets more done.
Speech Recognition is not just for disabled persons, dweeb.
I agree that the feature should not be installed by default. But if it works well and I did not have to pay something over and above my Windows cost, I'll be happy.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Oh come now...
[ link to this | view in chronology ]
You really think slower than you speak? You must be boring as hell to listen to. Personally, I can't imagine anyone calling themselves an "IT guy" that cant' type faster than they talk. Especially since revisions and changes to text is incredibly fast and easy with a keyboard, especially once you get beyond standard text and into programming (which you MUST do, IT guy).
Tell you what, YOU dictate into Dragon Naturally Speaking and I'll write a Rails app. We'll see who gets more done.
And voice command isn't installed OR activated by default. So really, this security "exploit" is less of a threat than dumb users ever will be.
You can't issue shell commands through it, you can only open and close windows, do very basic tasks. If exploited...inconvenient? Yeah. A "threat"? Hardly. It's not like someone could use it to issue, let alone CREATE malware on a remote system.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Settle down now...
Some of the best programmers I know are NOT touch-typists. Perhaps that is because they think more and type less.
I have been using Voice Recognition on and off since OS2 Warp. The only reason that I don't use it today is that the IT support folks won't let me install it. Since I don't write large amounts of prose, it's not a big deal.
Also programming is not a task that lends itself to VR as well as, say, creative writing.
So you're both right. Just because VR is not suitable for your particular application does not mean that it has no use.
[ link to this | view in chronology ]
Voice Commands
No one in the car but a conversation was in process!
[ link to this | view in chronology ]
Some things just can't be improved upon...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
the recursive clapper
[ link to this | view in chronology ]
speech command
I don't think she's alone. I can think of a lot of things I'd like to be able to just speak the commands for without slowing myself down by having to type or use the mouse. Sure, at a certain level of working on the innards of a box you'll need to start typing, but 99% of a user's day could be made much more productive by good speech recognition. (Yeah the guy above is right, there is a world of diff between speech recognition and voice recognition!)
And I think computers will someday be commanded much more by voice than keyboard. Voice is definitely a biometric, and combined with other biometrics, can be a good security system.
[ link to this | view in chronology ]
Other uses
[ link to this | view in chronology ]
Commercials
[ link to this | view in chronology ]
downloader
THe Speech recognition should have a feed from the sound card or if it added up the input to the sound card itself, and subtracted that from the audio-in, then they could reduce interference from music as well, which woul dbe a good thing.
THe idea of talking into the command prompt might not be a bad one, but I would personnaly like you to have to have to start it with a parameter (typed) to allow voice recognition the only problem would be pronouncing some of the codes. A good API would be nice, so that you can say any menu item name, and it is selected, as well as activating all the inbuilt keyboard shortcuts (so you just say "Help")
[ link to this | view in chronology ]
"My Computer"
"Enter"
"AllYOURBASEAREBELONGTOUS"
"Enter"
LoL, it's like an IWIN button for computer hackarz.
[ link to this | view in chronology ]