Microsoft Confirms Vista Speech Attack Tactic - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Microsoft Confirms Vista Speech Attack Tactic

The company downplays the scenario since the targeted system would need to have the speech recognition feature previously activated and configured.

Windows Vista's speech recognition feature can be used by pranksters to remotely force a PC into executing some commands, Microsoft has confirmed, but the company's security team downplayed the threat.

After several security researchers posted messages on mailing lists detailing how a prank could be done -- a malicious Web site, for example, could host an audio file that shouted out commands to shut down the system -- Microsoft's Security Response Center (MSRC) replied in a blog entry Wednesday.

"In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured," wrote Adrian Stone, a MSRC program manager. "Additionally the system would need to have speakers and a microphone installed and turned on. The exploit scenario would involve the speech recognition feature picking up commands [from the speaker] through the microphone such as 'copy', 'delete', shutdown', etc. and acting on them."

According to Microsoft, Vista's User Account Control (UAC) feature can't be circumvented by speech commands.

"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue," said Stone.

Symantec, however, warned users that the risk is greater than Microsoft has let on.

"A poster on the Daily Dave mailing [list has] reported that he was able to craft a recording that successfully downloaded and executed a file from the Internet as well as manipulated the file system without requiring user interaction," Symantec said in an alert sent to customers late Wednesday.

Microsoft has not posted a security advisory or offered work-around advice, but users on mailing lists have suggested that Vista owners disable the speech recognition feature's ability to automatically load when the operating system launches.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll