Vista Security Hole Discovered
13 02 2007All hyped up about Windows Vista’s feature and security? Well, don’t go boasting around yet…
It seems that the security honeymoon for Microsoft’s Windows Vista operating system has ended early, after it was discovered that a flaw in Vista could allow remote attackers to take advantage of the new operating system’s speech recognition feature. According to researchers who are still investigating on the flaw, the vulnerability could allow an attacker to use the speech recognition feature to run malicious programs on Vista systems using prerecorded verbal commands.
The potential security hole was discovered after an online discussion prompted blogger George Ou to try out a speech-based hack. Ou reported that he was able to access the Vista Start menu and, conceivably, run programs using voice commands played over the system’s speakers.
If you are already running Vista, don’t worry as the effects are minimal. The vulnerability would occur only if you have the speech recognition feature enabled and have a microphone and speakers connected to your system. Successful attackers would need to be physically present at the machine (phew), or figure out a way to trick the computer’s owner to download and play an audio recording of the malicious commands. Even so, the commands would somehow have to be issued without attracting the attention of the computer’s owner.
Attackers’ commands are also limited to the access rights of the logged on user, which may prevent access to any administrative commands.
If you’re concerned about being “shout-hacked”, Microsoft recommends that you disable the speaker or microphone, turn off the speech recognition feature, or shut down Windows Media Player if you encounter a file that tries to execute voice commands on their system.
Read: http://www.infoworld.com/article/07/02/01/HNvistaspeechbug_1.html
