Personal tools

Number of visitors
since 27 March 2006
 
2007/03/09
Document Actions

Windows Vista Speech Recognition vulnerability

Click here to start saving with ING DIRECT!

Digg!

Some time back, there was a lot of discussion around the perceived vulnerability in Windows Vista due to the Speech Recognition feature. It was said that an attacker could remotely execute commands on your Vista machine by running an audio file containing the commands. I know that my post on this subject is quite late, but there was a lot of things going on with me to allow me to write on this. I think this is overhyped and it would be extremely difficult to exploit this. Here's why:

Being the curious types, I tried out the Speech Recognition feature the same day I learnt about it i.e. 31st January 2007. First of all, the Speech Recognition is not enabled by default and you require administrative intervention to enable the same. So you cannot do it remotely without the user of the system knowing it.

Just in case, the user has enabled the speech recognition, it is very hard to make the computer really understand what you are saying. You try to say one thing and it interprets it differently because no two persons pronounce a word in the same way. I really had a hard time trying to setup initially to make it understand what I am saying. The software requests you not to speak slowly and speak in the way you normally would. When I spoke in the normal speed, it did not understand most of the things I said and I am not that bad a speaker. Some people say that we Indian people speak a little too fast for comfort, but I think spending close to 5 years dealing with Americans, I have slowed down my speech speed and brought down the pitch of my voice by a notch or two.

Let's say you manage to teach your computer enough to completely recognise your voice. In that case, the attacker will have a hard time to execute commands using his / her voice with different pronunciation and accents. The attacker will have to somehow sound like the primary user of the system to really exploit this vulnerability.

Would an attacker be able to exploit this vulnerability by synthesizing the voice to sound robotic? At this point, I don't know and I don't think it is worth the effort to do all these things when easier vulnerabilities are available for exploiting and will keep on arising.

Category(s)
Windows
Information Security
The URL to Trackback this entry is:
http://www.dharwadkar.com/weblog/vista_speech/tbping
Add comment

You can add a comment by filling out the form below. Plain text formatting.

(Required)
(Required)

Microsoft Store

First of its kind - Hundreds of items a day
 
    This site is: