Thursday, February 01, 2007

Issue regarding Windows Vista Speech Recognition

Following is the first part of my post at the Windows Connected forum from last night on the Windows Vista Speech Recognition "issue":
As reported on the MSRC Blog,
"An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions. While it is technically possible, there are some things that should be considered when trying to determine what the threat of exposure is to your Windows Vista system."

This is another of those situations where something is "technically possible", but a number of conditions would all have to be met for an attack to succeed. There are those who will look for absolutely any angle they can find to question the security of Windows Vista.

There have been numerous repeats of this "issue" across the Internet today. What I find most disturbing is the manner in which various services are headlining it, e.g., "Talking security vulnerability in Vista", "Hackers can whisper sweet nothings into Vista's ear", "Vista has speech recognition hole", and more of a similar nature.

Let's break the MSRC post down a bit and read more carefully what it would take for such an attack to be successful:

  • the targeted system would need to have the speech recognition feature previously activated and configured
  • the system would need to have speakers and a microphone installed and turned on
  • the exploit scenario would involve the speech recognition feature picking up commands through the microphone such as "copy", "delete", "shutdown", etc. and acting on them
  • the commands would be coming from an audio file that is being played through the speakers

Even if all of the above were likely and the user was not there to turn off the microphone or speakers or shut down the computer, note the sentences below, particularly the two in bold:

  • It is not possible through the use of voice commands to get the system to perform privileged functions such as creating a user without being prompted by UAC for Administrator credentials.
  • The UAC prompt cannot be manipulated by voice commands by default.
  • There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation.

Know what I think? More sensationalism by the press and much ado about nothing.
