Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Remote Exploit of Vista Speech Control

kdawson posted more than 7 years ago | from the format-C-yes dept.

Security 372

An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"

cancel ×

372 comments

Sorry! There are no comments related to the filter you selected.

Most Important Part of the Announcement (5, Funny)

eldavojohn (898314) | more than 7 years ago | (#17843928)

Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com] .

Re:Most Important Part of the Announcement (5, Funny)

kannibal_klown (531544) | more than 7 years ago | (#17844150)

Worse yet!!!

One of the computer geeks at the Pentagon better not be watching any Star Trek episodes.

Computer. Initiate self destruct sequence. Authorization 1A 2B 3C

or (3, Informative)

www.sorehands.com (142825) | more than 7 years ago | (#17844214)

The geek watching Andromeda. "Fire all missles"

Re:Most Important Part of the Announcement (5, Funny)

Anonymous Coward | more than 7 years ago | (#17844846)

Authorization 1A 2B 3C
Hey! That's the authorization code on my luggage!

Re:Most Important Part of the Announcement (1)

Linker3000 (626634) | more than 7 years ago | (#17844292)

I'd be more worried about watching episodes of Dr Who online when the cybermen are involved.."delete..delete..delete".

There's also a joke about talking too loud near your computer to a colleague named Colin who's asked you which of several designs for a new brochure you prefer - but I can't be bothered to set the scene:

"Format C, Colin"

 

Re:Most Important Part of the Announcement (1, Insightful)

BrokenHalo (565198) | more than 7 years ago | (#17844936)

"Format C, Colin"

Probably a good idea, though. And while we're at it, since Microsoft recommends rebooting (again, sigh), perhaps it is wise to do so with an installation CD of [linux distro of choice] in the drive. Seriously, who wants Vista? More trouble than it's worth.

Re:Most Important Part of the Announcement (1)

asmiller1950 (625539) | more than 7 years ago | (#17844406)

"Insert disk labeled 'debian-31r4-i386-netinst' now."

Re:Most Important Part of the Announcement (1)

Hoi Polloi (522990) | more than 7 years ago | (#17844476)

Don't play the audio file that repeats "Buy v1gr1a! Buy v1gr1a!..."

Re:Most Important Part of the Announcement (5, Funny)

joshetc (955226) | more than 7 years ago | (#17844746)

Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com].
You should see what happened to the guy who played the Nirvana song "Rape Me".

Simpler "remote exploit" (1, Funny)

Anonymous Coward | more than 7 years ago | (#17843946)

Shout.

Hello Dave (-1)

Anonymous Coward | more than 7 years ago | (#17843958)

Shall we continue the game?

Suckage. (1)

The Neck (194515) | more than 7 years ago | (#17843996)

Sometimes you just can't come up, even if you try, with a better way to show how much something suck than to tell the public how you can fix it.

The Neck.
.

Re:Suckage. (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17844712)

Sometimes i like things in me.

The Anus

.

Yell Commands Across the Room (5, Funny)

ehaggis (879721) | more than 7 years ago | (#17844026)

Is that a remote exploit?

That's hardly an exploit (4, Insightful)

kahei (466208) | more than 7 years ago | (#17844030)


Taking a computer that obeys audio instructions, and playing it some audio instructions, is more of a 'duh' than an 'exploit'. But this problem is a very Good Thing. It can only mean:

-- EITHER people stop yakking on about voice computing, which has been the Way Of The Future since about 1935 or something
-- OR pressure is exerted on web designers to NOT make sites that start making noise the moment the page appears!

Either of these, but especially the latter, would be a big win. So here's to you, Mr. Exploit Finding Man!

Re:That's hardly an exploit (5, Funny)

just_another_sean (919159) | more than 7 years ago | (#17844110)

So here's to you, Mr. Exploit Finding Man!

Now there's a Bud commercial I'd like to hear.

Re:That's hardly an exploit (1)

jimstapleton (999106) | more than 7 years ago | (#17844252)

the probelm his, the exploiters/hackers will do this kind of thing even if told not to. Makes me think of the "_required" input names in cold-fusion forms *shudder*.

No, what we need is browsers that will let us force-mute things. What needs this more than anything else? Flash Player., since I think most browser has a "no audio" option anyway.

Re:That's hardly an exploit (5, Informative)

VertigoAce (257771) | more than 7 years ago | (#17844848)

The audio mixer in Vista is no longer based on different audio types (MIDI, CD Audio, WAV, etc). Instead, there is a volume slider and mute button for each application that makes sounds. So you can mute IE, AIM (those annoying video ads), and Windows itself, while still playing your music in WinAmp or WMP.

Re:That's hardly an exploit (1)

Anonymous Coward | more than 7 years ago | (#17844272)

or default to If playing audio then audio instructions listener = off

mind you this is such an advert for vista in disguise - what the computer understands you? wow! 'hello computer' isn't just a dream.

FFS

Re:That's hardly an exploit (2, Insightful)

morgan_greywolf (835522) | more than 7 years ago | (#17844842)

or default to If playing audio then audio instructions listener = off
Yes: for all of you fanbois out there saying "Oh, that's not an exploit!" pay attention to what the parent is saying! You gotta admit, it was huge oversight on Microsoft's part to not include any mechanism for turning off the accepting of audio instructions while playing audio, or at least to have a user-configurable option for protection against this exploit, defaulted to "On".

This is yet another case of Microsoft putting ease-of-use ahead of security and reliablity. We've all heard this song before. Same story, different Windows version.

Re:That's hardly an exploit (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17844304)

Even so, with Vista's new software audio stack, this is inexcusable. It should have been trivial to compare the input and output signals and filter out most of this automatically.

Re:That's hardly an exploit (4, Insightful)

gstoddart (321705) | more than 7 years ago | (#17844326)

-- EITHER people stop yakking on about voice computing, which has been the Way Of The Future since about 1935 or something
-- OR pressure is exerted on web designers to NOT make sites that start making noise the moment the page appears!
Or, we make browsers so they don't run every damned audio file, flash frigging plugin, executable, movie, or whatever that the idiot who made the site thinks I should hear/see/play with/click/download/execute or whatever.

There has never been any sound from a webpage that didn't make me want to immediately beat the person who wrote it with his own leg. I don't want to listen to your stupid MIDI file of whatever the fsck you think is cool on your web page.

There was never any good reason to embed sounds in web pages unless you have to click a button to specifically play it.

Cheers

Re:That's hardly an exploit (0)

Anonymous Coward | more than 7 years ago | (#17844718)

So either blind people are screwed or deaf people are screwed. Nice.

Explanation on the deaf people being screwed. HP business computers have "business sound" which is basically a mono speaker built into the case. The default is that the sound is on without hooking up extra speakers. I don't know if other lines/brands have the same thing or not, but HP definitely does. Unless they think to turn it off (maybe an office mate complains) they're going to get sound, and not even know it. I don't have Vista yet, so I don't know how it's set up, but if the voice command is on automatically or some other person turns it on...

Blind people? Voice recognition is a good thing. Also, turning down the sound is a bad thing.

Re:That's hardly an exploit (1)

GreyPoopon (411036) | more than 7 years ago | (#17844880)

Probably the best thing to do is to program the computer to recognize the speaker by their voice pattern, and only respond to commands from "registered" speakers. Note that this is not the same thing as training a speech recognition system in that you aren't teaching the computer to understand your words. Instead you are teaching the computer to distinguish your voice from others.

I tried to replicate the bug, but all I got was (5, Funny)

knightmad (931578) | more than 7 years ago | (#17844038)

c:> Dear aunt, let's set so double the killer delete select all: Command not found

Re:I tried to replicate the bug, but all I got was (5, Funny)

teslar (706653) | more than 7 years ago | (#17844538)

Lucky you. I was watching Star Trek First Contact in the living room and fifteen minutes after Picard told the Enterprise computer to initiate the self-destruct protocol, my laptop exploded!

Re:I tried to replicate the bug, but all I got was (1)

Yabol (970939) | more than 7 years ago | (#17844610)

I wonder how it responds to http://www.zombo.com/ [zombo.com] ?

amusing, but not much else (2, Insightful)

Thansal (999464) | more than 7 years ago | (#17844048)

If you computer starts spitting out voice commands, just create another sound that will interupt it.

Admitedly all I can think of is the Dilbert cartoon with Wally getting ticked at Dilbert having voice driven software.

Bug? (3, Insightful)

drinkypoo (153816) | more than 7 years ago | (#17844052)

I wouldn't call it a bug. I'd call it a very bad idea to use a microphone without a switch for voice recognition. Your television could theoretically do things on your computer. Does that sound like a possibility you want to entertain? Get a mic with a switch, or get rooted.

The Real Agenda of this Article? (4, Insightful)

ksalter (1009029) | more than 7 years ago | (#17844066)

All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically? What is the real agenda here? Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced.

Re:The Real Agenda of this Article? (1)

Thansal (999464) | more than 7 years ago | (#17844164)

If I remember, a large point is that the vista one does NOT need training (this is not actualy all that new, there have been voice recognition things that don't need training for a little while now).

After all, training voice recognition software is long, tedius, and often pointless. The best thing I ever did with one was intentionaly training it horribly (readign something else instead of the text they gave me), and then seeing what would happen. (It wasn't all that interesting in all honesty)

Re:The Real Agenda of this Article? (1)

ksalter (1009029) | more than 7 years ago | (#17844434)

FWIW, if I remember from my beta testing, you could train the Vista recognizer for better performance.

Re:The Real Agenda of this Article? (1)

Bertie (87778) | more than 7 years ago | (#17844324)

Well, speaker verification is more than 99% reliable if you first get the user to say specific utterances a number of time so that you can build up a model of their voice patterns (such as ask them to count from one to ten three times or so). But most of this stuff's speaker-independent.

Anyway, the problem's not with the recogniser so much as how Microsoft's integrated it into the OS. You'd think they would have learned by now, but it seems they're still putting the user's convenience before sensible security precautions.

Re:The Real Agenda of this Article? (2, Insightful)

shark72 (702619) | more than 7 years ago | (#17844374)

"All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically? What is the real agenda here? Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced."

Yup, this is an old one. There's an apocryphal tale of a user group meeting from long ago of a vendor demonstrating voice-control software and a smart aleck in the back of the room yelling "DEL *.*!" (or whatever the MS-DOS command was).

As you implied, the agenda is, of course, to have a laugh at Microsoft's expense. If they hadn't included voice control software, the opportunity would have been to point out that Microsoft spent $BIGNUM person-years working on Vista and didn't even include that feature. OSX's easy access to a shell prompt with root access is about as relevant an exploit as the voice control exploit, and the odds of a cat wandering into my house and walking on the keys in such a way to generate the wrong "rm" command are about the same as this Vista "exploit" happening to me. But, it's aways fun to have a laugh at Microsoft's expense, isn't it?

Re:The Real Agenda of this Article? (4, Informative)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17844446)

All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically?

This is untrue. Speech recognition software can be made to filter out anything coming in the mic that matches something going out the speaker channel. More simply, you can simply require all commands be preceded with an arbitrary word (like the computer's name). Call you computer "George" and then issue the command "George, kill dash nine star dot star." As opposed to "kill dash nine star dot star." Since the exploit writer won't know to include "George" their exploit fails almost all the time. This was a feature of MacOS 7, more than a decade ago, as I mentioned elsewhere.

Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced.

Depending upon the tolerance, this is entirely possible, but I don't see it as being as important or versatile as the other two methods I listed above. MS should have learned from the example of others.

Re:The Real Agenda of this Article? (1)

ksalter (1009029) | more than 7 years ago | (#17844596)

I would assume that most people would call their computer "Computer" and you could still exploit. Just like most people run .exe in their email attachments, etc. Social engineering could still exploit that technique, though I agree using an unknown prefix word would help. As to the "filtering out of anyting coming in the mic that matches something going out the speaker channel", basically you are talking about echo cancellation. That seems plausible to me, and on modern computers the hit on peformance would be fairly low. Do you know of any packages which incoporate this?

Re:The Real Agenda of this Article? (1)

ksalter (1009029) | more than 7 years ago | (#17844714)

As a follow-up, my experience with echo cancellation with telephony equipment (I write software professionally using them) tells me that there are some definite limitations to echo cancellation algorithms, and that I think that could be broken also at some point. The type of algorithm and the cost in performance would have to considered.

Re:The Real Agenda of this Article? (4, Funny)

billcopc (196330) | more than 7 years ago | (#17844676)

Voice control is fine, but having the computer react to its own output is ludicrous! You'd think Vista would be smart enough to recognize feedback... It's like having a retard talking into a mic that's hooked up to his own headphones.

Bob: "Bob go jump off a bridge"
Bob: "Who said that ?"
Bob: "I said that. Now jump!"
Bob: "Ok.. Aaaaaaaagh!"

Stupid.

Re:The Real Agenda of this Article? (1)

stewbacca (1033764) | more than 7 years ago | (#17844720)

Maybe the real agenda is to point out a brand new problem for Vista that is yet another 10-year old copied Macintosh feature?

Re:The Real Agenda of this Article? (2, Interesting)

xoyoyo (949672) | more than 7 years ago | (#17844866)

True, all speech recognition software *would* suffer from this exploit if the application designers hadn't thought about the likely scenarios in advance. I just checked the situation with my Mac, which comes with speech recognition built in (and has done since what, Mac OS 9?)

Nothing destructive is enabled by default: the worst you can do on a Mac is log yourself out, but that will keep everything running as it was before.

If you go to the Speech control panel you can, after putting your admin password in, enable Menu Bar actions which allow you to do things like trash files and restart the computer.

So by default the computer will just do helpful stuff, but if you really need full control over the OS through speech recognition (eg, you are disabled) you can enable it.

It's a good indicator of the different philosophies between the two OS vendors we also see in their approach to networking (this may have changed with Vista, I've not really been following it): Apple shut down everything by default and requires the user to open ports; windows boxes, on the other hand are wide open from first boot, have to have their ports shut down by a knowledgable user.

Voice controlled video player. Echo cancellation? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17844082)

I remember someone once announcing a voice controlled video player, and wondered what would happen when it played a video in which someone shouted "Stop!"

Microsoft's comments on the BBC site are poor. What microphone feedback? If it's not howling now it's not going to suddenly howl when someone tries this exploit. Clear dictation - but the attacker will make the dictation as clear as possible, and the consolation that the user will likely be in the room to hear it happening - what consolation is that?

A solution would be to use echo cancellation as used in phone systems to prevent output from the speaker being used on the microphone.

  - Richard

Format (4, Funny)

jlebrech (810586) | more than 7 years ago | (#17844126)

"Open Terminal For Matt See Yes Im sure Reice Tart!!"

I'm waiting for the audio exploit that responds to (2, Funny)

StressGuy (472374) | more than 7 years ago | (#17844132)

the phrase "Simon Says"

Re:I'm waiting for the audio exploit that responds (1)

bazorg (911295) | more than 7 years ago | (#17844372)

On OS X you can set "simon says" or anything you please as the trigger for the computer to accept what is said next as a voice command. "Beeatch" and "arrr!" are popular choices.

A few ideas. (1)

tg2k (895772) | more than 7 years ago | (#17844140)

Presuming the device drivers know what is being played, the system could try to detect that and mask it out if it comes back through the speakers. Or just disable speech recognition whenever audio is playing. An easy mute control for the browser would be nice as well. And, maybe security privileges even to play music? I'm sick of random websites that have to play ridiculous music when you visit them.

lip reading (0)

Anonymous Coward | more than 7 years ago | (#17844142)

You can switch the speakers off, but what if the crackers' webcam can still see their lips moving?


[Isert space oddysey 2001 music here]

Restart? Really? (1)

ignavusinfo (883331) | more than 7 years ago | (#17844146)

Why is it necessary to "restart [the] computer" to turn off speech recognition?

As for the "exploit" ... windows will cause your computer to explode if you douse it with gasoline and set it alight too. Should there be a warning label and slashdot story to point that out?

Re:Restart? Really? (1)

ultranova (717540) | more than 7 years ago | (#17844534)

As for the "exploit" ... windows will cause your computer to explode if you douse it with gasoline and set it alight too. Should there be a warning label and slashdot story to point that out?

If Windows came with a canister of gasoline and a lighter, then yes, there should.

It's a bit like with ActiveX: letting any website to execute arbitrary code in your machine is a bad idea, no matter what the underlaying OS. But only Windows does it by default.

A Solution (0)

Constantine XVI (880691) | more than 7 years ago | (#17844152)

A good way to fix this would be to make the user hold down a button or buttons (like maybe WinKey+Space or both mouse buttons). Then it doesn't work without you meaning to put in a command.

Re:A Solution (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17844320)

A good way to fix this would be to make the user hold down a button or buttons (like maybe WinKey+Space or both mouse buttons). Then it doesn't work without you meaning to put in a command.

If you're pushing a button, you can just type the command and it will be faster. No, this problem was solved long ago. In MacOS 7, the built in speech recognition had the option that it only listened to commands preceded by an arbitrary word. I believe the default was, "computer, open slashdot" as opposed to "open slashdot." (It was cool, like Star Trek.) Since most geeks named their computers some obscure hostname you had commands like "cheesemonkey, open slashdot." Since the creator of a Web page exploit won't know that name, they have a hard time initiating commands.

Even better though is to filter out all output sounds from the input stream before processing. That way playing MP3s while working won't necessarily make the system nonfunctional, and you get the security benefit for free.

Re:A Solution (1)

alshithead (981606) | more than 7 years ago | (#17844926)

"A good way to fix this would be to make the user hold down a button or buttons (like maybe WinKey+Space or both mouse buttons). Then it doesn't work without you meaning to put in a command."

Kind of defeats the purpose of voice command though doesn't it? :)

We WANT those who are physically handicapped to be able to use the intarntet, eh?

Oh no... (0, Troll)

ifknot (811127) | more than 7 years ago | (#17844154)

I forsee an exponential rise in loud annoying web sites shouting commands :( A n other reason (if more were needed) not to vi$tarize

A Whole Decade of Nothing (4, Interesting)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17844170)

More than ten years ago I was playing with the speech recognition software that shipped with MacOS 7 or something and I though being able to check my e-mail without getting out of bed was pretty cool. At the time I wrote something about the technology and predicted that speech activated commands would never take off until: 1, most audio people listened to was controlled by the computer, and 2, the computer was smart enough to filter out the sounds it was emitting before processing commands. At the time a lot of people listened to music from their computer and I imagine many still do. Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it? It is sad that the same missing feature is still a problem, so many years later.

Re:A Whole Decade of Nothing (1)

stewbacca (1033764) | more than 7 years ago | (#17844660)

More sad than your story is the fact that speech recognition is being touted as a shiny new Vista feature.

Re:A Whole Decade of Nothing (4, Insightful)

xappax (876447) | more than 7 years ago | (#17844744)

Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it?

The sound that is output by the computer sounds similar to us when re-received through the mic and played back, but to the computer it's a totally alien waveform. A lot of distortion happens between when the computer sends a digital signal to the sound card and when it receives an analog signal from your microphone - so basically, the computer may know what it's playing, but it has very little idea how it'll sound when it reaches the mic.

There are advanced filters and algorithms that can try to match and isolate particular patterns and "sounds" within a waveform, but they're not nearly as powerful as CSI would have us believe, and they also require far too much computing power to be run in realtime.

Of course, the obvious low-tech solution to this issue is to wear headphones, as people in recording studios have for decades.

Re:A Whole Decade of Nothing (4, Insightful)

Jerf (17166) | more than 7 years ago | (#17844768)

The easiest answer to this question is, try it.

Most simple schemes people come up with to address this are perfectly doable with a free sound program. Play some music, record the area while you're playing the music, then try your great idea. Like, you might think you can start out with inverting the source file and feeding it into the recording with a delay and modified amplitude. If you're really curious about this problem, this is a better way to learn about the difficulties then reading people on the internet, as, in my experience, you're quite likely to be skeptical about the explanations anyhow. The best (and in some sense, only true) explanations involve a lot of math.

I can offer you this meta-rule, though: If it were so easy, it would already have been done. Many things that I see people posting on Slashdot about "Why don't they just do this thing?" are covered by this rule.

So.... (1)

Vokkyt (739289) | more than 7 years ago | (#17844182)

suppose you write an executable that displays a simple image (let's assume everyone is thinking of goatse) and gives the executable a common title that the Voice Control may pick up; is this the new spam/spyware? Companies send out spyware that activate on common words that Vista picks up? Incidentally, initially I was reminded of Futurama: Farnsworth: "Shut up, friends. My Internet browser heard us saying the word "Fry" and it found a movie about Philip J. Fry for us. [The staff gather around.] It also opened my calendar to Friday and ordered me some French fries."

OS X? (1)

3.14159265 (644043) | more than 7 years ago | (#17844192)

I wonder how Apple goes around this problem...

Re:OS X? (0)

Anonymous Coward | more than 7 years ago | (#17844616)

1. You can set it so you have to say the computer's "name" before any command -- sort of like a password
2. Or you have to hold down ESC to say anything

Re:OS X? (0)

Anonymous Coward | more than 7 years ago | (#17844664)

You need to hit a key (configurable), or speak a name first.

"(esc) Tell me a joke"
'Knock Knock'

"Computer, tell me a joke"
'Knock Knock'

Re:OS X? (2, Interesting)

gkearney (162433) | more than 7 years ago | (#17844836)

I tried this on MacOS X version 10.4.8 (the latest version) I could not make the mac respond to voice commands being played from the speakers or from patching the sound out into a iMic. Here is what I did.

1. Ran the voice command option and configured it as apple suggests.
2. Made sure that the voice command understood my command by issuing several and getting the correct replys back from the system.
3. Recorded the command "What time is it?"
4. Played back the command with voice commands on.

The mac did not respond. I then tried the same thing with a patch cable between the output and a iMic USB audio adapter. It still would not respond from the recording bout will respond to my voice. I have no idea how Apple is able to distinguish where the voice is coming from.

In One Ear and Out the Other (1, Interesting)

Doc Ruby (173196) | more than 7 years ago | (#17844196)

The damn OS is playing the audio. The damn speech-rec software is doing echo cancellation. Vista should be testing its incoming audio to detect whether it matches any outgoing audio that Vista is playing. What an incredible load of bullshit.

The quality of MS security analysts working on Vista is revealed to be very dim by this explot. This kind of exploit and defect in the Vista multimedia architecture speaks very badly of the prospect for the next 5 years of MS operating systems. They're a plague.

Re:In One Ear and Out the Other (2, Insightful)

itsme1234 (199680) | more than 7 years ago | (#17844330)

"Vista should be testing its incoming audio to detect whether it matches any outgoing audio that Vista is playing."

I guess you never saw a room with more than one computer in it.

Re:In One Ear and Out the Other (1)

Doc Ruby (173196) | more than 7 years ago | (#17844556)

Of course I have, but it's very unusual (despite Slashdotters' geeky preferences). And most of those computer rooms have admins who can control the audio and security, even if they're just the kind of savvy user with multiple computers for their own use.

Mostly this will attack single users of single computers in their homes and offices. That threat can be mitigated in the single OS instance. There are other threats like the one you imply, but that's no reason not to fix the biggest one that is easier to deal with.

Maybe a good start, but not that easy (2, Insightful)

mopslik (688435) | more than 7 years ago | (#17844436)

Vista should be testing its incoming audio to detect whether it matches any outgoing audio that Vista is playing.

I imagine it's not quite so straightforward. You'd need to take into account room acoustics, hardware effects, generic ambient noises, or even other interfering sounds in the same room that could all interfere with a comparison of outgoing sound to incoming sound. It's very rare that you'd ever have a time where your outgoing sound file exactly matches one that is sensed coming from the speakers.

Re:Maybe a good start, but not that easy (1)

MindStalker (22827) | more than 7 years ago | (#17844832)

Doesn't matter just install the same speech recognition on the outgoing sounds. If the outgoing matches the incoming ignore it. Hell you don't even need speech recognition just classic sound pattern matching will do, a slight time delay and some small environmental changes won't fool most programs that do pattern matching.

Re:Maybe a good start, but not that easy (1)

Doc Ruby (173196) | more than 7 years ago | (#17844946)

The other reply [slashdot.org] has got it right. Just make Vista recognize the speech Vista is emitting as audio, and compare those recognized symbols to the recognized speech symbols coming through the microphone. It would be easy to tell that the same symbols are coming out the speakers as coming in the mic. In fact that should also increase the recognition of the speech actually originating in the room.

this makes for some fun sound files (2, Funny)

SashaMan (263632) | more than 7 years ago | (#17844200)

website sound: "All your base are belong to us"
Vista: "Do you want to reformat your hard drive?"
website sound: "All your base are belong to us"
Vista: "Are you sure you want to reformat?"
website sound: "All your base are belong to us"
Vista: "Reformatting.........."

Shit... (5, Funny)

thousandinone (918319) | more than 7 years ago | (#17844202)

I just watched 2001: A Space Odyssey on my machine... this may be my last post.

Re:Shit... (1)

VGPowerlord (621254) | more than 7 years ago | (#17844398)

Windows, open Pod Bay Doors.doc.
"I'm sorry Dave, I'm afraid I can't do that."

Re:Shit... (1)

Archangel Michael (180766) | more than 7 years ago | (#17844932)

"Windows, open iPod Bay City Rollers"

"I'm sorry Dave, I'm afraid I can't do that."

Nothing new here (5, Funny)

Ruprecht the Monkeyb (680597) | more than 7 years ago | (#17844204)

Years ago when I worked in a shop that used OS/2 (one late version of which included speech recognition), we used to play pranks on each other all the time using that 'feature'. Things like changing a startup sound to be two minutes of silence followed by a verbal shutdown command, or changing confirmation prompt sounds to be 'cancel'. Good fun. The random 'select all / delete / yes' was the best, though.

Hey, no need to panic... (3, Informative)

Bertie (87778) | more than 7 years ago | (#17844222)

I mean, look:

"Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played."

Yeah, nobody ever leaves their computer unattended.

And of course, it would be completely impossible for a Trojan to pipe appropriate sounds directly to the input buffer of the sound hardware, thus negating the need for it to be played through your speakers at all. As we all know, Windows is completely watertight against that sort of thing.

This raises an interesting possibility, though - what if you could confuse the recogniser itself into making false positives? You could, for example, persuade it to recognise silence as a command of your choosing.

Best way round this is probably to prevent people doing potentially destructive operations via voice commands. But if this isn't suitable, you could employ clever confirmation strategies, like "If you're sure you want to delete c:\windows, please say the following words..." with the words in question being drawn from a dictionary. No malware could anticipate the sequence (although I suppose you could set the recogniser to work against itself, by playing the text-to-speech engine's own output back to it and triggering recognition).

Hmm. Promises to be quite fun, this.

Re:Hey, no need to panic... (1)

Yetihehe (971185) | more than 7 years ago | (#17844600)

If you already have trojan on machine, why try to crack it with sounds?

Re:Hey, no need to panic... (1)

Bertie (87778) | more than 7 years ago | (#17844710)

Any hole's a goal, right?

By which I mean, if there's a vulnerability, exploiting it's as good as exploiting any other. Microsoft have spent a lot of time closing a lot of back doors in Vista, but this just opens up a great big new one.

Re:Hey, no need to panic... (0)

Anonymous Coward | more than 7 years ago | (#17844852)

If your program is already running on the computer why not just delete the files directly?

howto for Mac users (4, Informative)

sootman (158191) | more than 7 years ago | (#17844248)

to create malicious audio files with OS X (10.3 or later), fire up Terminal and use 'say':
$ echo "format sea slash you" | say -o evil.aiff
This makes your messages with a nice, clear, even voice--wouldn't want a bunch of 'um's and 'ah's borking up your exploit, now would you. :-)
`man say` for more options.

Fraternity Fun (5, Funny)

Zerth (26112) | more than 7 years ago | (#17844260)

If they don't prevent them from running arbitrary commands, you know 5 years in the future that every time term end comes around there will be some naked freshman running through the uni library/labs shouting "quit without saving! yes! reboot! yes! shutdown -h now!"

Pretty Silly (1)

ThinkFr33ly (902481) | more than 7 years ago | (#17844290)

There are so many mitigating factors with this that a successful exploit of this "bug" is extremely unlikely.

First of all, as was mentioned in the article, voice recognition cannot bypass User Account Control. So that immediately limits damage to the local profile.

Second, the user would see all of this happening and would have to remain silent for this to work. It's not like a piece of code executing. The commands are not particularly speedy. They would see dialogs flashing, hear the commands being spoken, and decide not to do anything about it. All it would take is the user saying something or turning down their speakers and it would likely be enough to stop things from proceeding.

The danger with this is extremely limited and unlikely. It certainly has some novelty value, though.

auto refresh (1)

cdn-programmer (468978) | more than 7 years ago | (#17844564)

All a website needs to do is set autorefresh and load the exploit page x minutes after the innocent page and only once.

Many users open a web page and walk away.

Time for that hit song, "Format Sea" (1)

192939495969798999 (58312) | more than 7 years ago | (#17844302)

Sailing, sailing over the format sea: /yes!

Every should know. (1)

www.sorehands.com (142825) | more than 7 years ago | (#17844314)

It was in Dilbert years ago. Can't remember which characters, but it had one showing the other their speech recognition system, and the other said what would happen if I said "DELETE ALL FILES"?

Yakking (2)

SilverJets (131916) | more than 7 years ago | (#17844316)

As my coworker said when I told him about this, "That's not hacking it's....yakking!"

(Or yacking for those who prefer the alternate spelling)

We've been waiting for this (and joking about it) (5, Funny)

Qbertino (265505) | more than 7 years ago | (#17844318)

Me and my friends have been waiting for this and joking about it since IBM Via Voice and Dragon Speak. A whole new era of IT pranks and cyberterrorisim awaits us. Imagine bursting into a room full of PCs and yelling

"FORMAT DRIVE C! CONFIRM!".

Instant fun.
Makes me feel all soft and gooshy inside just thinking of it. :-)

Predictions from the past ... (4, Funny)

Gopal.V (532678) | more than 7 years ago | (#17844346)

Userfriendly had predicted the fate of voice recognition six years ago - rm -rf / [userfriendly.org] and yet again ! [userfriendly.org] .

What about UAC (1)

mobby_6kl (668092) | more than 7 years ago | (#17844352)

Ok, I think the "exploit" is ridiculous, but what I do find interesting is how would it deal with UAC? If the commands ask the computer to do something dangerous, the system should prompt the user with the privilege elevation dialog which is on a separate secure desktop and so shouldn't react to anything but direct user input. Anybody tried that?

All right! (1)

manifoldronin (827401) | more than 7 years ago | (#17844362)

I for one welcome our new shout-format-c:\-across-the-room overlords.

Man, now I can't wait for the wide business adoption of vista. That would be the beginning of a new era in the history of office spanking.

Re:All right! (1)

manifoldronin (827401) | more than 7 years ago | (#17844452)

Man, now I can't wait for the wide business adoption of vista. That would be the beginning of a new era in the history of office spanking.
And apparently, improper sexual conduct in a modern office would be deemed far worse than any attempt to format others c:\, so I'll just settle with "office pranking".

this is HYSTERICAL (1)

sootman (158191) | more than 7 years ago | (#17844402)

So, the "solution" is to turn of speakers and/or microphone. This is the same MS whose solution to a recent Office exploit was "don't use Office for a couple days."

It's been said that the only secure computer is one that has been unplugged, encased in cement, and thrown in the ocean. I didn't know MS was planning to make this their official support policy. "Security flaws? No problem. Just DON'T USE IT AT ALL."

Wow, they're good.

And today's message (1)

Frozen Void (831218) | more than 7 years ago | (#17844422)

A:\Format C: /autotest

Shocked! (3, Funny)

Andrei D (965217) | more than 7 years ago | (#17844450)

I am shocked! Damn you Bill, I really believed you when you said Vista is "dramatically more secure than any other operating system released". My world view is turned upside down now :(

Best. Prank. Ever. (3, Funny)

copponex (13876) | more than 7 years ago | (#17844504)

Find office with 10 or 15 stations with shiny new copies of Vista. Verify through other means that mics and voice commands are on. Run in, and yell as loud as you can the commands that will shut down the machines. Don't run out yet!

Watch people panic at their keyboards. Listen to their gasps as the hard disk spins down and their monitors cut off, at which point they all stare at you. Wave. And then run.

Vista tech support (0)

Anonymous Coward | more than 7 years ago | (#17844632)

MS Staffer: Yeah, uh, just hold your phone up to the microphone.
Customer: OK. Hold on.
MS Staffer: <whispers>erase all files.
Customer: Oh my god! I think it's getting worse...did you do something?
MS Staffer: Uh, no. By the way, you have a bad hard drive...you're going to need to call Dell tech support to resolve this issue. Thanks for calling and have a nice day.

*click*

MS Staffer: Hey Jack! How many calls do I have to handle a day to get that juicy bonus?

Hmm.... (1)

Hosehead17 (466213) | more than 7 years ago | (#17844666)

Having played around with the speech recognition in Vista, it is very easy to turn the speech recognition off when you are not using it. I don't remember the precise phrase, but you just say something like "stop listening". A kid in one of my classes had a Mac and used speech recognition on it. When he was using speech recognition we would shout different phrases in an attempt to shut his machine down, among other things. I think we only got it to shutdown once, most of the time it didn't work b/c we were too far away, or he turned that feature off. I've had the same experience with Vista. This sounds like FUD to me.....

Correct me if I am wrong (1)

Karem Lore (649920) | more than 7 years ago | (#17844704)

Wouldn't you get feedback through your speakers before being able to do anything possibly damaging?

Oh the irony... (1)

stewbacca (1033764) | more than 7 years ago | (#17844782)

If you search Google for "Microsoft Vista speech control" the first hit gives you this gem:

"Windows Speech Recognition was built using the latest Microsoft speech ... you are always in control;"

meme crashes vista roll-out (0)

Anonymous Coward | more than 7 years ago | (#17844786)

what a superb meme this is I just knew vi$ta would have an exploit, I just didn't realise there wouldn't be any programming involved "the meme is mightier than the code" hype it up & shout it out!

Another Apple first! (0)

Anonymous Coward | more than 7 years ago | (#17844794)

Sigh. Microsoft's bug is just mimicing OSX, which recently had the same problem.

The Month of Apple Bugs: showing all the ways Apple continues to innovate!

Simple Fixes (0)

Anonymous Coward | more than 7 years ago | (#17844858)

1. Expect keyword before commands
2. If voice pattern is unknown await confirmation via ui dialog
3. Don't execute voice commands while outputting sound

I was EXPLOITED! (0)

Anonymous Coward | more than 7 years ago | (#17844872)

I had this all set up to test when the local walmart ad started playing on the TV.

As soon as the TV announced kid's pants were half off, Windows Media player came on playing the Michael Jackson MP3 Pretty Young Thing
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>