Latest in Exploit

Image credit:

Remote "exploit" of Vista Speech reveals fatal flaw

Share
Tweet
Share
Save

Sponsored Links


Run for the hills, everybody, Windows Vista has been proven vulnerable to the hax0rs mere days after its release -- Steve Ballmer should clearly just give up now and resign while he still has a bit of dignity left. Or not. The vulnerability in question is hardly a hack at all, at least of the traditional variety, instead this one relies on you turning up your speakers and leaving your microphone on. See, the new Windows Speech Recognition in Windows Vista has all sorts of new abilities, but unlike Mac OS speech recognition of yore, no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire. Microsoft also hasn't done anything to ensure speech recognition doesn't listen to the sounds coming out of your computer via the speakers, all of which means that if you visit a malicious website with the speakers turned up and the mic turned on (and Speech Recognition loaded, of course) an audio file could wake SR, open Windows Explorer, delete the documents folder and then empty the recycle bin. Not exactly the most likely of occurrences, but certain security types are already up in arms, and Microsoft has confirmed the potential problem, but merely recommends users turn of their speakers and/or microphone, along with killing any apps trying to attack them with such verbage. Not the greatest vote of confidence, so perhaps we'll be seeing a fix for this from Microsoft before too long.

[Via Slashdot]

Read - Vista Speech Command exposes remote exploit
Read - Microsoft confirms

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

View
Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

View
LinkedIn's new quizzes can prove you're not lying on your resume

LinkedIn's new quizzes can prove you're not lying on your resume

View
Rockstar rolls out its own PC games launcher

Rockstar rolls out its own PC games launcher

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr