George Ou writes: One gentleman on the Dailydave security mailing list started a discussion about the potential for exploiting Vista’s speech recognition feature by hosting malicious sound files on a website that would playback a series of audio commands to try to subvert the Operating System. The man didn’t actually test any of these theories, but raised an interesting concern about the safety of Vista’s speech command system.
I responded to the list explaining that an Operating System should filter out the sounds it picks up on the Microphone to avoid a nasty feedback problem, but it’s still possible for the Mic to pick up enough of the voice to run. Someone else responded that Apple tried similar functionality 15 years ago and quickly realized that they had to guard the feature with a keyword that needed to be spoken because people were playing gags with the “shutdown” command. But I have used speech command and realized that Vista only requires a static command so I proceeded to investigate with an actual test to test these theories.
Microsoft, Windows Vista, Speech Recognition, Flaw, remote execution flaw