Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Exploit of Vista Speech Control

Posted by kdawson on from the format-C-yes dept.

An anonymous reader writes "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming?"

35 of 372 comments (clear)

  1. Most Important Part of the Announcement by eldavojohn · · Score: 5, Funny

    Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

    Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising.

    --
    My work here is dung.
    1. Re:Most Important Part of the Announcement by kannibal_klown · · Score: 5, Funny
      Worse yet!!!

      One of the computer geeks at the Pentagon better not be watching any Star Trek episodes.

      Computer. Initiate self destruct sequence. Authorization 1A 2B 3C
    2. Re:Most Important Part of the Announcement by joshetc · · Score: 5, Funny

      Microsoft cautioned everyone not to play the song "Hit Me Baby One More Time" by Britney Spears on or near your computer while the mic is on.

      Several lawsuits already involve brutal crimes by computers against annoying young teeny bopper women. Although we can't act like we didn't see this coming, tension has been steadily rising [theonion.com]. You should see what happened to the guy who played the Nirvana song "Rape Me".
    3. Re:Most Important Part of the Announcement by Anonymous Coward · · Score: 5, Funny

      Authorization 1A 2B 3C
      Hey! That's the authorization code on my luggage!
    4. Re:Most Important Part of the Announcement by netsharc · · Score: 4, Funny

      Anyway, typing "format C:" in a running Windows doesn't work, because it will say "The volume is in use." (assuming Windows is on C:)...

      Don't believe me? Try it yourself. ;-)

      --
      What time is it/will be over there? Check with my iPhone app!
  2. Yell Commands Across the Room by ehaggis · · Score: 5, Funny

    Is that a remote exploit?

    --
    One ring to bind them - should probably have more fiber and less rings in their diet.
  3. That's hardly an exploit by kahei · · Score: 4, Insightful


    Taking a computer that obeys audio instructions, and playing it some audio instructions, is more of a 'duh' than an 'exploit'. But this problem is a very Good Thing. It can only mean:

    -- EITHER people stop yakking on about voice computing, which has been the Way Of The Future since about 1935 or something
    -- OR pressure is exerted on web designers to NOT make sites that start making noise the moment the page appears!

    Either of these, but especially the latter, would be a big win. So here's to you, Mr. Exploit Finding Man!

    --
    Whence? Hence. Whither? Thither.
    1. Re:That's hardly an exploit by just_another_sean · · Score: 5, Funny

      So here's to you, Mr. Exploit Finding Man!

      Now there's a Bud commercial I'd like to hear.

      --
      Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    2. Re:That's hardly an exploit by gstoddart · · Score: 4, Insightful

      -- EITHER people stop yakking on about voice computing, which has been the Way Of The Future since about 1935 or something
      -- OR pressure is exerted on web designers to NOT make sites that start making noise the moment the page appears!
      Or, we make browsers so they don't run every damned audio file, flash frigging plugin, executable, movie, or whatever that the idiot who made the site thinks I should hear/see/play with/click/download/execute or whatever.

      There has never been any sound from a webpage that didn't make me want to immediately beat the person who wrote it with his own leg. I don't want to listen to your stupid MIDI file of whatever the fsck you think is cool on your web page.

      There was never any good reason to embed sounds in web pages unless you have to click a button to specifically play it.

      Cheers
      --
      Lost at C:>. Found at C.
    3. Re:That's hardly an exploit by VertigoAce · · Score: 5, Informative

      The audio mixer in Vista is no longer based on different audio types (MIDI, CD Audio, WAV, etc). Instead, there is a volume slider and mute button for each application that makes sounds. So you can mute IE, AIM (those annoying video ads), and Windows itself, while still playing your music in WinAmp or WMP.

    4. Re:That's hardly an exploit by bloobloo · · Score: 4, Funny

      Never? Not even Bananaphone?

    5. Re:That's hardly an exploit by Lanoitarus · · Score: 5, Funny

      Bud Light Presents...
      Real American Heroes (reaaalllll american heroooessss...)
      Today we salute you, Mr Computer Software Exploit Finder (computer software exploit fii-inder)
      While others are wasting away their lives drinking, dating, and and having fun, you're hunched over a screen, plowing through code.(hunch plow hunchie plow)
      You may not have seen the sun in days, but thats ok- you do this for the greater good.(greaaater goooo-ooodd)
      Only YOU could realize that a carefully crafted web favorites icon could potentially bring the world to its knees.(Down on its kneeee--eesss)
      So crack open an Ice Cold Bud Light, Oh Overload of Overflow, because without you, CmdrTaco would have to get a real job.

  4. I tried to replicate the bug, but all I got was by knightmad · · Score: 5, Funny

    c:> Dear aunt, let's set so double the killer delete select all: Command not found

    1. Re:I tried to replicate the bug, but all I got was by teslar · · Score: 5, Funny

      Lucky you. I was watching Star Trek First Contact in the living room and fifteen minutes after Picard told the Enterprise computer to initiate the self-destruct protocol, my laptop exploded!

    2. Re:I tried to replicate the bug, but all I got was by Overzeetop · · Score: 4, Funny

      It's not Vista's fault your laptop uses a Sony battery. MS can't be blamed for everything, you know.

      --
      Is it just my observation, or are there way too many stupid people in the world?
  5. The Real Agenda of this Article? by ksalter · · Score: 4, Insightful

    All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically? What is the real agenda here? Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced.

    1. Re:The Real Agenda of this Article? by 99BottlesOfBeerInMyF · · Score: 4, Informative

      All voice recognition software, no matter what platform, would suffer from this supposed "exploit". So why this article on Vista specifically?

      This is untrue. Speech recognition software can be made to filter out anything coming in the mic that matches something going out the speaker channel. More simply, you can simply require all commands be preceded with an arbitrary word (like the computer's name). Call you computer "George" and then issue the command "George, kill dash nine star dot star." As opposed to "kill dash nine star dot star." Since the exploit writer won't know to include "George" their exploit fails almost all the time. This was a feature of MacOS 7, more than a decade ago, as I mentioned elsewhere.

      Also, if the voice recognition software is trained for a specific user's voice, the chances of an exploit are reduced.

      Depending upon the tolerance, this is entirely possible, but I don't see it as being as important or versatile as the other two methods I listed above. MS should have learned from the example of others.

    2. Re:The Real Agenda of this Article? by billcopc · · Score: 4, Funny

      Voice control is fine, but having the computer react to its own output is ludicrous! You'd think Vista would be smart enough to recognize feedback... It's like having a retard talking into a mic that's hooked up to his own headphones.

      Bob: "Bob go jump off a bridge"
      Bob: "Who said that ?"
      Bob: "I said that. Now jump!"
      Bob: "Ok.. Aaaaaaaagh!"

      Stupid.

      --
      -Billco, Fnarg.com
  6. A Whole Decade of Nothing by 99BottlesOfBeerInMyF · · Score: 4, Interesting

    More than ten years ago I was playing with the speech recognition software that shipped with MacOS 7 or something and I though being able to check my e-mail without getting out of bed was pretty cool. At the time I wrote something about the technology and predicted that speech activated commands would never take off until: 1, most audio people listened to was controlled by the computer, and 2, the computer was smart enough to filter out the sounds it was emitting before processing commands. At the time a lot of people listened to music from their computer and I imagine many still do. Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it? It is sad that the same missing feature is still a problem, so many years later.

    1. Re:A Whole Decade of Nothing by xappax · · Score: 4, Insightful

      Why can't the computer ignore all that sound? It knows it is outputting it so why not filter it?

      The sound that is output by the computer sounds similar to us when re-received through the mic and played back, but to the computer it's a totally alien waveform. A lot of distortion happens between when the computer sends a digital signal to the sound card and when it receives an analog signal from your microphone - so basically, the computer may know what it's playing, but it has very little idea how it'll sound when it reaches the mic.

      There are advanced filters and algorithms that can try to match and isolate particular patterns and "sounds" within a waveform, but they're not nearly as powerful as CSI would have us believe, and they also require far too much computing power to be run in realtime.

      Of course, the obvious low-tech solution to this issue is to wear headphones, as people in recording studios have for decades.

    2. Re:A Whole Decade of Nothing by Jerf · · Score: 4, Insightful

      The easiest answer to this question is, try it.

      Most simple schemes people come up with to address this are perfectly doable with a free sound program. Play some music, record the area while you're playing the music, then try your great idea. Like, you might think you can start out with inverting the source file and feeding it into the recording with a delay and modified amplitude. If you're really curious about this problem, this is a better way to learn about the difficulties then reading people on the internet, as, in my experience, you're quite likely to be skeptical about the explanations anyhow. The best (and in some sense, only true) explanations involve a lot of math.

      I can offer you this meta-rule, though: If it were so easy, it would already have been done. Many things that I see people posting on Slashdot about "Why don't they just do this thing?" are covered by this rule.

  7. Shit... by thousandinone · · Score: 5, Funny

    I just watched 2001: A Space Odyssey on my machine... this may be my last post.

  8. Nothing new here by Ruprecht+the+Monkeyb · · Score: 5, Funny

    Years ago when I worked in a shop that used OS/2 (one late version of which included speech recognition), we used to play pranks on each other all the time using that 'feature'. Things like changing a startup sound to be two minutes of silence followed by a verbal shutdown command, or changing confirmation prompt sounds to be 'cancel'. Good fun. The random 'select all / delete / yes' was the best, though.

  9. howto for Mac users by sootman · · Score: 4, Informative

    to create malicious audio files with OS X (10.3 or later), fire up Terminal and use 'say':
    $ echo "format sea slash you" | say -o evil.aiff
    This makes your messages with a nice, clear, even voice--wouldn't want a bunch of 'um's and 'ah's borking up your exploit, now would you. :-)
    `man say` for more options.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  10. Fraternity Fun by Zerth · · Score: 5, Funny

    If they don't prevent them from running arbitrary commands, you know 5 years in the future that every time term end comes around there will be some naked freshman running through the uni library/labs shouting "quit without saving! yes! reboot! yes! shutdown -h now!"

  11. We've been waiting for this (and joking about it) by Qbertino · · Score: 5, Funny

    Me and my friends have been waiting for this and joking about it since IBM Via Voice and Dragon Speak. A whole new era of IT pranks and cyberterrorisim awaits us. Imagine bursting into a room full of PCs and yelling

    "FORMAT DRIVE C! CONFIRM!".

    Instant fun.
    Makes me feel all soft and gooshy inside just thinking of it. :-)

    --
    We suffer more in our imagination than in reality. - Seneca
  12. Predictions from the past ... by Gopal.V · · Score: 4, Funny

    Userfriendly had predicted the fate of voice recognition six years ago - rm -rf / and yet again !.

    --
    Quidquid latine dictum sit, altum videtur
  13. I'm feeling anal today, so ... by spellraiser · · Score: 4, Insightful

    An exploit is, by definition, a successful manipulation of a bug/omission/hole/whatever in a computer system to make it perform something that it was not designed to do. Usually this term is only applied when said action is harmful or potentially harmful.

    What is being described here is the possibility of controlling the voice recognition system in Vista remotely to make it perform potentially harmful tasks. Furthermore, this functionality is not something that said system was designed to do; it was only designed to accept commands via microphone.

    Therefore, what is being described here is an exploit.

    Q.E.D.

    --
    I hear there's rumors on the Slashdots
  14. Bah... by eno2001 · · Score: 5, Funny

    I expect someone to come up with a site that says:

    "Start Internet Explorer"
    "Go aytch tee tee pee colon slash slash gee oh ay tee ess ee dot see ex"

    Brrr...

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  15. MS Security Response Blog: Adrian responds by davidwr · · Score: 4, Informative

    Adrian responded to this on the Microsoft Security Response Blog.

    Issue regarding Windows Vista Speech Recognition

    Hey everyone this is Adrian and I am writing to try and clear up some concerns regarding a recently reported vulnerability in the Speech Recognition feature of Windows Vista. An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions. While it is technically possible, there are some things that should be considered when trying to determine what the threat of exposure is to your Windows Vista system.

    He goes on to list reasons why this is not a major issue. The first being that voice commands have to be turned on and configured for this to work.

    He ends with

    While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation.

    I think he's right. If this was a serious problem, the MacOS and OS/2 "exploits" mentioned above would've received a lot more press. Still, I expect in a future version, the voice software will be smart enough to ignore the computer's own output.

    Personally, I don't like voice commands. They are necessary for users with certain impairments and useful for certain applications such as kiosks, but they are counterproductive in a shared-office environment and just plain weird on my desktop. Even on Star Trek - The Next Generation much of the computer input was via control consoles not voice.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  16. Startup Sound by EricJ2190 · · Score: 5, Interesting

    Now I see why Microsoft doesn't want you to change the Vista startup sound.

  17. Prior art by hweimer · · Score: 5, Funny

    Time to quote a usenet classic:

    Last year, out in California, at a PC users group, there was a demo of
    smart speech recognition software.

    Before the demonstrator could begin his demo, a voice called out from the
    audience:

    "Format c, return."
    "Yes, return."

    Damned short demo, it was.

    --
    OS Reviews: Free and Open Source Software
  18. You'll know your company is now a botnet... by sprior · · Score: 4, Funny

    When your machine room starts doing a gregorian chant...

  19. Next Mac Ad is even better by jgc7 · · Score: 5, Funny

    PC: Hi I'm a PC
    Mac: and I'm a Mac
    PC: I have a cool new feature called voice control.
    Mac: That is stupid. I have the Time-Machine which let's you recover old documents. Let's say you accidently delete the documents folder
    PC: Okay
    Mac: To get you documents back, all you have to do is slide the time machine back one minute.
    PC: Sounds cool, but cant you just get the documents out of the trash?
    Mac: Yes, but it works even if you accidentally empty the recycle bin

    --
    70% of statistics are made up.
    1. Re:Next Mac Ad is even better by curunir · · Score: 4, Funny

      Better yet, the next Mac ad could make light of this exploit.

      PC: Hi, I'm a PC.
      Mac: and I'm a Mac.
      PC: Now that I run vista, I can accept voice commands!
      Mac: Wow, that sounds cool. But what if someone tells you to punch yourself in the face?
                PC punches self in the face and nose begins to bleed
      PC: Ouch, that hurt!
      Mac: I'm sorry PC, I didn't realize that just telling you to do something like "poke yourself in the eye"...
              PC pokes finger into his eye
      Mac: ...or "begin sneezing incesantly"...
              PC starts to uncontrollably sneeze, the blood from his nose splattering everywhere
      Mac: ...would make you actually do it.
      PC: groan I'm sorry if I splattered on you.
      Mac: That's ok PC, I'm pretty immune to viruses, so I think I'll be alright.

      --
      "Don't blame me, I voted for Kodos!"