Vista hole opens door to 'shout hacking'
- 02 February, 2007 09:19
- Comments
The honeymoon ended early for Microsoft's Vista operating system, after word spread Wednesday about a flaw that could allow remote attackers to take advantage of the new operating system's speech recognition feature.
Microsoft researchers are investigating the reports of a vulnerability that could allow an attacker to use the speech recognition feature to run malicious programs on Vista systems using prerecorded verbal commands, the company said in an e-mail statement.
The potential security hole was discovered after an online discussion prompted blogger George Ou to try out a speech-based hack. Ou reported on ZD Net on Tuesday that he was able to access the Vista Start menu and, conceivably, run programs using voice commands played over the system's speakers.
The speech recognition flaw is novel and notable for being the first publicized hole in the new operating system since the public launch of Vista on Tuesday.
The impact of the flaw, however, is expected to be small. Vista users would need to have the speech recognition feature enabled and have a microphone and speakers connected to their system. Successful attackers would need to be physically present at the machine, or figure out a way to trick the computer's owner to download and play an audio recording of the malicious commands. Even then, the commands would somehow have to be issued without attracting the attention of the computer's owner.
Finally, attackers' commands are limited to the access rights of the logged on user, which may prevent access to any administrative commands, Microsoft said in a statement.
Microsoft recommends that users who are concerned about having their computer shout-hacked disable the speaker or microphone, turn off the speech recognition feature, or shut down Windows Media Player if they encounter a file that tries to execute voice commands on their system.
Customers who believe they have been shout-hacked can contact Microsoft Product Support Services, the company said.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Avaya Deploys the Avaya Desktop Video Device with the Avaya Flare® Experience
- HP Imaging and Printing Services
- Customer Case Study: Yarra Valley Water Turns to Enterprise Software to Improve Information Flow
- Oracle Exadata Database Machine Warehouse Architectural Comparisons
- Server and Storage Optimization Techniques
- LG launching "L-Style" pre-paid smartphones from July
- CeBIT 2012: CHEP deploys Cloud to improve company integration
- Wednesday Grok: Microsoft’s browser lockout is to be pitied more than despised
- Privacy Act changes finally introduced to parliament
- Windows 8 touchscreen devices to be priced higher: Dell
-
NBN service plans won't cost consumers more: Conroy
-
Spotify music streaming hits Australian shores
-
Don't use Emacs, says Java's father
-
Brain drain: Where Cobol systems go from here
-
Spotify music streaming hits Australian shores
-
High Performance Switches and Routers
-
Big C++ with Wileyplus/WebCT Access Card
-
Building J2EE Applications with IBM Websphere
-
Windows Vista Para Dummies (Spanish Edition)
-
Linux Samba Server Administration (Craig Hunt Linux Library)
-
Illustrator Cs4 Bible
-
Great Web Typography
-
Ubuntu Linux Bible (Version 9.10 and 10.04) Third Edition
-
Managing and Maintaining a Microsoft Windows Server 2003 Environment for an Msca Certified on Windows 2000 (70-292)
Comments
Post new comment