Vista has speech recognition hole
Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders.
Vista can respond to vocal commands and concern has been raised about malicious audio on websites or sent via e-mail.
In one scenario outlined by users a MP3 file of voice instructions was used to tell the PC to delete documents.
Microsoft said the exploit was "technically possible" but there was no need to worry.
The firm has pointed out that in order for the flaw to be exploited the speech recognition feature would need to be activated and configured and both microphone and speakers would have to be switched on.
"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.
Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.
Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.
The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.
While speech recognition was a feature of Windows XP, in Vista the use has been widened.
"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.
Source: http://news.bbc.co.uk/1/hi/technology/6320865.stm
Source: 
Bookmarks