Microsoft talks down speech recognition bug

By

Vista feature could be used to hijack a PC.

Microsoft talks down speech recognition bug
Microsoft has admitted that the speech recognition feature in Windows Vista could be used to hijack a PC running the operating system.

The company said in a posting on the Microsoft Security Response Centre blog that an issue has been identified in which an attacker could use the speech recognition capability to cause the system to take "undesired actions".

"While it is technically possible, there are some things that should be considered when trying to determine the threat of exposure to your Windows Vista system," the posting said.

In order for the attack to be successful, Microsoft claimed that the targeted system would need to have the speech recognition feature previously activated and configured.

The system would also need to have speakers and a microphone installed and turned on.

The exploit would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete' or 'shutdown'.

The vulnerability relies on commands coming from an audio file being played through the speakers, and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation.

It is not possible through the use of voice commands to get the system to perform privileged functions, such as creating a user, without being prompted by Microsoft's User Account Control (UAC) for Administrator credentials. 

"The UAC prompt cannot be manipulated by voice commands by default," said the blog posting.

"There are also additional barriers that would make an attack difficult, including speaker and microphone placement, microphone feedback and the clarity of the dictation."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?