Slashdot Mirror


Remote Exploit of Vista Speech Control

An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing sound files can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"

41 of 372 comments

  1. Most Important Part of the Announcement by eldavojohn · · Score: 5, Funny

    Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

    Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising.

    --
    My work here is dung.
    1. Re:Most Important Part of the Announcement by kannibal_klown · · Score: 5, Funny
      Worse yet!!!

      One of the computer geeks at the Pentagon better not be watching any Star Trek episodes.

      Computer. Initiate self destruct sequence. Authorization 1A 2B 3C
    2. Re:Most Important Part of the Announcement by joshetc · · Score: 5, Funny

      Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

      Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com].

      You should see what happened to the guy who played the Nirvana song "Rape Me".
    3. Re:Most Important Part of the Announcement by Anonymous Coward · · Score: 5, Funny

      Authorization 1A 2B 3C
      Hey! That's the authorization code on my luggage!
    4. Re:Most Important Part of the Announcement by plopez · · Score: 2, Funny

      who wants Vista?
      billg, ballmer, hardware manufacturers, virus writers, anti-virus vendors, spam bot operators, antispam software writers.... oh, you meant *humans*... in that case, none.

      --
      putting the 'B' in LGBTQ+
    5. Re:Most Important Part of the Announcement by darthnoodles · · Score: 3, Funny

      I'm guessing they were already raped when Vista was installed.

    6. Re:Most Important Part of the Announcement by Opportunist · · Score: 2, Funny

      Anti-Virus vendors certainly don't want Vista. You have NO idea what headache that system means to you if you have to include anything remotely resembling a driver in your product.

      Personally, I'd be VERY happy if it vanished faster than it appeared. Erh... ok, considering the development time that isn't such a strong statement, but I'd be happy if it vanished faster than it installs. Erh... if it vanished faster than it boots. Erh...

      Damn, can someone come up with a suitable analogy?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Most Important Part of the Announcement by asCii88 · · Score: 2, Funny

      You meant, if it vanished faster than its first bug is found?

    8. Re:Most Important Part of the Announcement by Zonnald · · Score: 2, Funny
      And of course you precede that with.

      "Hey, Colin, check out my new 'Start, Run, CMD, Enter'" (wtf) "Oh, I like Format C, Colin." (turns to the doorway where Bob has just arrived) 'Enter, Yes, Bob'.

      Really it would seem a little bit more complicated than just throwing (or Squirting (tm)) a random phrase at the computer. I would imagine that the application with focus has to be able to interpret the phrase.

    9. Re:Most Important Part of the Announcement by netsharc · · Score: 4, Funny

      Anyway, typing "format C:" in a running Windows doesn't work, because it will say "The volume is in use." (assuming Windows is on C:)...

      Don't believe me? Try it yourself. ;-)

      --
      What time is it/will be over there? Check with my iPhone app!
  2. Simpler "remote exploit" by Anonymous Coward · · Score: 1, Funny

    Shout.

  3. Yell Commands Across the Room by ehaggis · · Score: 5, Funny

    Is that a remote exploit?

    --
    One ring to bind them - should probably have more fiber and less rings in their diet.
  4. I tried to replicate the bug, but all I got was by knightmad · · Score: 5, Funny

    c:> Dear aunt, let's set so double the killer delete select all: Command not found

    1. Re:I tried to replicate the bug, but all I got was by teslar · · Score: 5, Funny

      Lucky you. I was watching Star Trek First Contact in the living room and fifteen minutes after Picard told the Enterprise computer to initiate the self-destruct protocol, my laptop exploded!

    2. Re:I tried to replicate the bug, but all I got was by Overzeetop · · Score: 4, Funny

      It's not Vista's fault your laptop uses a Sony battery. MS can't be blamed for everything, you know.

      --
      Is it just my observation, or are there way too many stupid people in the world?
  5. Re:That's hardly an exploit by just_another_sean · · Score: 5, Funny

    So here's to you, Mr. Exploit Finding Man!

    Now there's a Bud commercial I'd like to hear.

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
  6. Format by jlebrech · · Score: 3, Funny

    "Open Terminal For Matt See Yes Im sure Reice Tart!!"

  7. I'm waiting for the audio exploit that responds to by StressGuy · · Score: 2, Funny

    the phrase "Simon Says"

    --
    A goal is a dream with a deadline
  8. this makes for some fun sound files by SashaMan · · Score: 2, Funny

    website sound: "All your base are belong to us"
    Vista: "Do you want to reformat your hard drive?"
    website sound: "All your base are belong to us"
    Vista: "Are you sure you want to reformat?"
    website sound: "All your base are belong to us"
    Vista: "Reformatting.........."

  9. Shit... by thousandinone · · Score: 5, Funny

    I just watched 2001: A Space Odyssey on my machine... this may be my last post.

  10. Nothing new here by Ruprecht+the+Monkeyb · · Score: 5, Funny

    Years ago when I worked in a shop that used OS/2 (one late version of which included speech recognition), we used to play pranks on each other all the time using that 'feature'. Things like changing a startup sound to be two minutes of silence followed by a verbal shutdown command, or changing confirmation prompt sounds to be 'cancel'. Good fun. The random 'select all / delete / yes' was the best, though.

  11. Fraternity Fun by Zerth · · Score: 5, Funny

    If they don't prevent them from running arbitrary commands, you know 5 years in the future that every time term end comes around there will be some naked freshman running through the uni library/labs shouting "quit without saving! yes! reboot! yes! shutdown -h now!"

  12. We've been waiting for this (and joking about it) by Qbertino · · Score: 5, Funny

    Me and my friends have been waiting for this and joking about it since IBM Via Voice and Dragon Speak. A whole new era of IT pranks and cyberterrorism awaits us. Imagine bursting into a room full of PCs and yelling

    "FORMAT DRIVE C! CONFIRM!".

    Instant fun.
    Makes me feel all soft and gooshy inside just thinking of it. :-)

    --
    We suffer more in our imagination than in reality. - Seneca
  13. Predictions from the past ... by Gopal.V · · Score: 4, Funny

    Userfriendly had predicted the fate of voice recognition six years ago - rm -rf / and yet again !.

  14. Shocked! by Andrei+D · · Score: 3, Funny

    I am shocked! Damn you Bill, I really believed you when you said Vista is "dramatically more secure than any other operating system released". My world view is turned upside down now :(

    --
    We often refuse to accept an idea merely because the tone of voice in which it has been expressed is unsympathetic to us
  15. Best. Prank. Ever. by copponex · · Score: 3, Funny

    Find office with 10 or 15 stations with shiny new copies of Vista. Verify through other means that mics and voice commands are on. Run in, and yell as loud as you can the commands that will shut down the machines. Don't run out yet!

    Watch people panic at their keyboards. Listen to their gasps as the hard disk spins down and their monitors cut off, at which point they all stare at you. Wave. And then run.

  16. Re:The Real Agenda of this Article? by billcopc · · Score: 4, Funny

    Voice control is fine, but having the computer react to its own output is ludicrous! You'd think Vista would be smart enough to recognize feedback... It's like having a retard talking into a mic that's hooked up to his own headphones.

    Bob: "Bob go jump off a bridge"
    Bob: "Who said that ?"
    Bob: "I said that. Now jump!"
    Bob: "Ok.. Aaaaaaaagh!"

    Stupid.

    --
    -Billco, Fnarg.com
  17. "Hi, I'm a Mac..." by starglider29a · · Score: 2, Funny

    The Vista replies, "And I'm a PC."

  18. Bah... by eno2001 · · Score: 5, Funny

    I expect someone to come up with a site that says:

    "Start Internet Explorer"
    "Go aytch tee tee pee colon slash slash gee oh ay tee ess ee dot see ex"

    Brrr...

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  19. Re:That's hardly an exploit by bloobloo · · Score: 4, Funny

    Never? Not even Bananaphone?

  20. Re:The Real Agenda of this Article? by mrbcs · · Score: 2, Funny
    I had this problem years ago. I was playing with something called verbex.. talk to your computer... it does stuff. You had to train it. It worked fairly well and freaked out visitors. I had it set up so that if I swore at a program (it was windows 95 after all) the computer would do an alt+F4. Funny stuff... until one day I'm on the phone and getting a bit... ummm.. upset. Apparently I was cursing a lot cause when I turned around.. my computer was off.

    I removed the software after that.

    --
    I'm not anti-social, I'm anti-idiot.
  21. Prior art by hweimer · · Score: 5, Funny

    Time to quote a usenet classic:

    Last year, out in California, at a PC users group, there was a demo of
    smart speech recognition software.

    Before the demonstrator could begin his demo, a voice called out from the
    audience:

    "Format c, return."
    "Yes, return."

    Damned short demo, it was.

    --
    OS Reviews: Free and Open Source Software
  22. You'll know your company is now a botnet... by sprior · · Score: 4, Funny

    When your machine room starts doing a gregorian chant...

  23. Re:That's hardly an exploit by Lanoitarus · · Score: 5, Funny

    Bud Light Presents...
    Real American Heroes (reaaalllll american heroooessss...)
    Today we salute you, Mr Computer Software Exploit Finder (computer software exploit fii-inder)
    While others are wasting away their lives drinking, dating, and having fun, you're hunched over a screen, plowing through code. (hunch plow hunchie plow)
    You may not have seen the sun in days, but that's ok - you do this for the greater good. (greaaater goooo-ooodd)
    Only YOU could realize that a carefully crafted web favorites icon could potentially bring the world to its knees.(Down on its kneeee--eesss)
    So crack open an Ice Cold Bud Light, Oh Overload of Overflow, because without you, CmdrTaco would have to get a real job.

  24. Next Mac Ad is even better by jgc7 · · Score: 5, Funny

    PC: Hi I'm a PC
    Mac: and I'm a Mac
    PC: I have a cool new feature called voice control.
    Mac: That is stupid. I have the Time-Machine which lets you recover old documents. Let's say you accidentally delete the documents folder
    PC: Okay
    Mac: To get your documents back, all you have to do is slide the time machine back one minute.
    PC: Sounds cool, but can't you just get the documents out of the trash?
    Mac: Yes, but it works even if you accidentally empty the recycle bin

    --
    70% of statistics are made up.
    1. Re:Next Mac Ad is even better by curunir · · Score: 4, Funny

      Better yet, the next Mac ad could make light of this exploit.

      PC: Hi, I'm a PC.
      Mac: and I'm a Mac.
      PC: Now that I run vista, I can accept voice commands!
      Mac: Wow, that sounds cool. But what if someone tells you to punch yourself in the face?
                PC punches self in the face and nose begins to bleed
      PC: Ouch, that hurt!
      Mac: I'm sorry PC, I didn't realize that just telling you to do something like "poke yourself in the eye"...
              PC pokes finger into his eye
      Mac: ...or "begin sneezing incessantly"...
              PC starts to uncontrollably sneeze, the blood from his nose splattering everywhere
      Mac: ...would make you actually do it.
      PC: groan I'm sorry if I splattered on you.
      Mac: That's ok PC, I'm pretty immune to viruses, so I think I'll be alright.

      --
      "Don't blame me, I voted for Kodos!"
  25. Re:What is the Vista Equivalent by Viceroy+Potatohead · · Score: 2, Funny

    Nobody's really sure, but it happens with surprising regularity.

  26. Thanks for the inspiration! by Em+Adespoton · · Score: 3, Funny

    PC: Hi I'm a PC
    Mac: and I'm a Mac
    PC: I have a cool new feature called voice control.
    Mac: That is stupid. I've had secure voice control for years
    PC: Yes, but with your primitive voice control, the statements had to be in the right format, see?
    Mac: OK, but that's why we call it secure. The user has to select a keyword that will trigger the commands.
    PC: ...
    Mac: I hope he has his XP install CD handy....

  27. Or... by Greyfox · · Score: 3, Funny

    PC: Hi! I'm a PC!
    Mac: And I'm a Mac!
    PC: I have a cool new feature called Voice Control!
    Mac: FORMAT C!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  28. Re:More difficult but better... by wirelessbuzzers · · Score: 3, Funny

    Am I the only one who thought "Nam-shub of Enki" when I read this?

    Yes.

    --
    I hereby place the above post in the public domain.
  29. Re:That's hardly an exploit by complete+loony · · Score: 2, Funny

    badger badger badger ...

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.