Windows Vista vulnerable to speech recognition attack
Last Updated: Friday, February 2, 2007 | 12:50 PM ET
CBC News
Related
Internal Links
External Links
- Sebastian Krahmer blog post
- George Ou blog post
- Adrian Stone's Microsoft Security Response Center blog post
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Microsoft Corp. is playing down reports that it is possible for an attacker to use the speech recognition function of its new Windows Vista operating system to execute commands on a personal computer.
The world's largest software maker has been touting stronger security features in the new OS. Consumer versions were launched on Jan. 30.
"While we are taking the reports seriously and investigating them accordingly, I am confident in saying that there is little, if any, need to worry about the effects of this issue on your new Windows Vista installation," Microsoft security response centre researcher Adrian Stone wrote in a post to the group's blog Wednesday.
In order for the attack to work, a potential victim would need to have the speech recognition feature activated, speakers and microphone turned on and be tricked into opening a file that plays audio commands or lured to a specially crafted web page that automatically plays an audio file when it loads.
"Of course, this would be heard and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation," Stone wrote, noting that it is not possible to use the vulnerability to perform "privileged functions" such as creating a user.
The vulnerability affects computers running Vista and not older versions of Windows, Stone wrote, because the new operating system's speech recognition features were designed to be more extensive and easier to use to help people with impaired or lower dexterity.
Sebastian Krahmer suggested the possibility of the vulnerability on his software blog C Skills, and it was subsequently tested and reported by ZDNet technology writer George Ou on his Real World IT blog.
Share Tools
Top News Headlines
- U.S. bank reforms could hurt Canadians, Flaherty fears
- Canada's finance minister and the governor of the Bank of Canada have formally complained to their American counterparts that proposed banking reforms could harm Canadian banks, business, investors and the government itself. more »
- CBC digital music service launches today
- CBC is diving into the world of online music with the goal of providing listeners access to their favourite tunes, and a way to discover new artists and connect with fellow music fans. more »
- Ontario teachers' union calls for classroom Wi-Fi ban
- Ontario's Catholic schoolteachers are calling for hardwire instead of Wi-Fi in classrooms. more »
- Whitney Houston was found unconscious underwater, police say
- Whitney Houston was underwater and apparently unconscious in a bathtub at the Beverly Hilton Hotel when found, Beverly Hills police said Monday. more »
- 'Disgusting' court backlog may free hit and run accused
- Adele wins best album, best record Grammys
- Whitney Houston autopsy results withheld
- Whitney Houston was found unconscious underwater, police say
- Ice road closed after 2 incidents
- CBC digital music service launches today
- Quebec town 'heartbroken' after killing of woman, sisters
- Manitoba wants ER death lawsuit thrown out
- Greece cleans up after anti-austerity riots
