Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Exploit of Vista Speech Control

Posted by kdawson on from the format-C-yes dept.

An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"

4 of 372 comments (clear)

  1. A Whole Decade of Nothing by 99BottlesOfBeerInMyF · · Score: 4, Interesting

    More than ten years ago I was playing with the speech recognition software that shipped with MacOS 7 or something and I though being able to check my e-mail without getting out of bed was pretty cool. At the time I wrote something about the technology and predicted that speech activated commands would never take off until: 1, most audio people listened to was controlled by the computer, and 2, the computer was smart enough to filter out the sounds it was emitting before processing commands. At the time a lot of people listened to music from their computer and I imagine many still do. Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it? It is sad that the same missing feature is still a problem, so many years later.

  2. Startup Sound by EricJ2190 · · Score: 5, Interesting

    Now I see why Microsoft doesn't want you to change the Vista startup sound.

  3. Re:That's hardly an exploit by xero314 · · Score: 3, Interesting

    Couldn't the system simply have a filter that removes the wave signature of what it is outputting before processing input as a command? This is relatively simple technology, as compared to voice recognition itself. You might have to re-calibrate if you move your speakers but I would think that is a small price to pay to not leave open the ability for a web site to control your system through an auto-playing wave file.

    Mind you this won't stop your roommate from yelling "Shut Down...Yes" just to piss you off. Or worse yet the guy you just fired yelling something more destructive on his way out of the office.

  4. Speech Researcher Here Confirms It by virtigex · · Score: 3, Interesting

    I have worked on both at Apple on PlainTalk and at MS Research on speech. When I was at Apple (around 1996) I poked my head into a co-worker's office who was testing PlainTalk and said loudly "Computer Shut Down". His computer then started shutting down. This "exploit" has been on the Mac since 1996 and nobody seems to have complained about it. I don't think it's a big deal.