Talking security vulnerability in Vista

Windows Vista's speech recognition system can be misused remotely to send unauthorised commands to a computer. As Microsoft has since confirmed, a website could, for example, play back an audio file over the system loudspeakers, which would be interpreted as user commands by an activated speech recognition system. George Ou, who developed the vulnerability discovered by Sebastian Krahmer into a demo exploit, has apparently succeeded in issuing simple spoken commands to a Vista system at medium volume using this technique.

The practicability of this exploit method is, however, not yet proven. If the computer suddenly begins to emit loud speech commands on, for example, visiting a website, most users will, after a brief moment of astonishment, take appropriate counter-measures. In addition, downloading and running a file from the internet, for example, requires a rather lengthy and complex sequence of spoken commands, which a speech recognition system trained to a different voice will not necessarily interpret correctly. It is also not possible, according to Microsoft, to circumvent User Account Control (UAC), which offers protection from execution of administrative commands, using speech recognition.

To get round the vulnerability, George Ou has suggested to the vendor that the speech recognition software should completely filter out that part of the signal emitted by the system speakers. The speech recognition software already has such a feature to prevent feedback, but the attenuation of the speaker signal is clearly not sufficient to prevent commands from being executed. Microsoft has advised users of the speech recognition feature to disable the speakers or the microphone when they leave the computer unattended.

See also:

• Vista Speech Command exposes remote exploit, blog entry by George Ou
• Microsoft confirms Vista Speech Recognition remote execution flaw, blog entry by George Ou

(ehe)