Latest in Exploit

Image credit:

Remote "exploit" of Vista Speech reveals fatal flaw

Paul Miller, @futurepaul
February 1, 2007
Share
Tweet
Share

Sponsored Links



Run for the hills, everybody, Windows Vista has been proven vulnerable to the hax0rs mere days after its release -- Steve Ballmer should clearly just give up now and resign while he still has a bit of dignity left. Or not. The vulnerability in question is hardly a hack at all, at least of the traditional variety, instead this one relies on you turning up your speakers and leaving your microphone on. See, the new Windows Speech Recognition in Windows Vista has all sorts of new abilities, but unlike Mac OS speech recognition of yore, no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire. Microsoft also hasn't done anything to ensure speech recognition doesn't listen to the sounds coming out of your computer via the speakers, all of which means that if you visit a malicious website with the speakers turned up and the mic turned on (and Speech Recognition loaded, of course) an audio file could wake SR, open Windows Explorer, delete the documents folder and then empty the recycle bin. Not exactly the most likely of occurrences, but certain security types are already up in arms, and Microsoft has confirmed the potential problem, but merely recommends users turn of their speakers and/or microphone, along with killing any apps trying to attack them with such verbage. Not the greatest vote of confidence, so perhaps we'll be seeing a fix for this from Microsoft before too long.

[Via Slashdot]

Read - Vista Speech Command exposes remote exploit
Read - Microsoft confirms






All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share

Popular on Engadget

SpaceX scales back plans for Starship's first high-altitude flight

SpaceX scales back plans for Starship's first high-altitude flight

View
Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
SpaceX's reused rockets will carry national security payloads for the first time

SpaceX's reused rockets will carry national security payloads for the first time

View
Dark mode is coming to WhatsApp for Android

Dark mode is coming to WhatsApp for Android

View
The next Xbox is called Series X and it looks like a PC tower

The next Xbox is called Series X and it looks like a PC tower

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr