Microsoft says Vista speech recognition is safe

Author: Brett Thomas
Published: 1st February 2007
Comments (9) Stumble
Microsoft says Vista speech recognition is safe

"Speak to me!" - Vista's new speech recognition can be used maliciously, but not easily or reliably.

The concept of Vista's new and improved speech recognition features have been getting some odd looks lately. The tool isn't just useful for controlling your PC while you're not at the keyboard, it seems. It's also a good tool for a hacker to control it for you - at least, that's been the claim from security companies. Microsoft has finally come out to answer them, though, stating that Vista's speech recognition is secure.

Mostly.

It turns out, the security guys aren't totally all wet. However, it is certainly nowhere near as dangerous a claim as it was originally made out to be. First, it relies on users having the feature active and both a microphone and speakers on and in a favourable position. With that being assumed, some companies have had limited success with MP3 recordings that have either deleted files or sent a computer to a new web address, but the results are erratic and sometimes just downright awful.

As a form of dedicated troublemaking, it seems like this threat is minimal right out of the gate, and bound to be only less reliable as Microsoft gets to fixing it. Though the company assures users that it is taking the claims seriously, the boys at Redmond have already outlined the myriad tasks that cannot be done through speech recognition just based on the hotly discussed UAC, or User Access Control. Internet critics aren't entirely buying it, though, saying that once some zero-day workarounds to the UAC become plausible, this could turn into a whole lot larger problem than MS anticipated.

Do you have an idea about the speech recognition? Speak your piece in our forums.
Quote Sc0rian 1st February 2007, 21:37
still funny that vista got owned so quickly :)
Quote DXR_13KE 1st February 2007, 22:33
"SAY SOMETHING!!"
"WHAT?"
:p
Quote gpw111 1st February 2007, 23:10
Quote:
Originally Posted by DXR_13KE
"SAY SOMETHING!!"
"WHAT?"
:p

I hate that sooooooooooooo much. sites that have that advert should be banned :(
Quote Sterkenburg 2nd February 2007, 00:35
I think this isn't going to be a problem at all, at least not until people can hack Vista so that the entire basis of this exploit is the speakers conveniently pointing at the microphone.

Once someone makes Vista think that a sound file or something is actually coming in through the microphone, well THEN they have problems, because THEN they have Vista doing exactly what it is supposed to, responding to microphone input, and even then there are a great deal of things that the microphone control can't do, so my overall expectations for this exploit are that nothing will ever come of it.
Quote dyzophoria 2nd February 2007, 01:31
I think too many people are too busy finding exploits on vista just to trash it around, I too find that the exploit they mentioned is not that much of a threat, for one thing as mentioned by Sterkenburq, who the heck has the speakers perfectly aligned with the microphone? ( if from my understanding the exploit works by playing a sound thru the website of a would be attacker through the speakers), and wouldnt the you hear those commands comming out from your computer?, though its just me btw..
Quote f00dl3 2nd February 2007, 02:37
Set the website to say "revoke all licenses". :-D


Honestly, I can't wait until someone develops a virus that involves fooling the operating system to think that the user is downloading a "protected" music file, replicating a sort of tag over every file on the system stating it is an invalid licensed file, then having the O/S'es built-in DRM deleting everything on their hard disk.

Now that would be funny.
Quote DriftCarl 2nd February 2007, 07:11
who is going to have this enabled anyway? I will probably play around with it for like 10 minutes or so, but I imagine my typing and actually using keyboard shortcuts will be quicker than trying to instruct a computer to do it via voice.
I am not sure how many blind or poor sighted people will be upgrading to vista any time soon either, its not as if the new Visual Aero vista UI will be on top of their list of features.
Quote bilbothebaggins 2nd February 2007, 09:03
What I do not quite understand is how someone would get the PC to play a malicious sound file in the first place while nobody's there.
Wouldn't that first step already be the security breach?

whatever.
Quote Pricester 6th February 2007, 14:41
This isn't a Vista security flaw - it's a generic flaw with any speech recognition software. Ever since speech recognition came out, we've had the joke:

Hey Dave, what do you think of my new voice recognition software?
Hmm... format see colon slash queue slash you enter...
--Splat--

Now, all that's happened is voice recognition has become more widespread, so suddenly people are scared - but it's not Vista specific. The idea of embedded sound files on websites doing it is actually a pretty clever idea, but it's not dangerous.

Best solution - very low quality speakers, or headphones!

Mind you, I wouldn't mind seeing voice print identification on system commands - that would be cool!

Speaking of voice prints - I guess the old system where you had to train each command was a lot more secure, as it had built in "Owner only" style security! Does that make it more or less advanced?
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.