Birth of the Verbal Hack? Microsoft Corp. said Wednesday that a voice-recognition feature built into Vista -- the new version of Windows that went on sale this week -- could be exploited remotely to delete files on a victim's machine if he or she visited a Web site that tried to issue specific commands through the computer's audio system.
Online computer security forums were abuzz this week with discussions of ways to exploit the new feature. In the DailyDave online security newsgroup, one commenter described a successful test in which he managed to delete his entire "My Documents" folder using the voice command feature. An attack recorded as an audio file and automatically played when a user visits a malicious Web site could have the same effect, security experts said.
Microsoft noted that the voice-recognition feature is not turned on by default in Vista, and that such an attack would be extremely difficult to execute.
In a posting on its security Web site, Microsoft said a targeted system "would need to have the speech recognition feature previously activated and configured. Additionally the system would need to have speakers and a microphone installed and turned on. The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy,' 'delete,' 'shutdown,' etc. and acting on them. Of course this would be heard and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation. There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation."
While Microsoft said the feature could be exploited to delete a victim's documents, it pointed out that a key component of security on Vista -- the "user account control" (UAC) feature, which requires the user to confirm (or, from a standard account, to enter an administrator's password) before any significant change is made to the system -- would prevent an attacker from installing software or creating new user accounts on the victim's PC.
Rich Mogull, a security analyst with Gartner Inc., said he doubts that many users will bother to configure and run the voice command feature in Vista, and that even for those who do, the real threat of falling victim to such an attack would be fairly low.
Still, Mogull said, "if they are running it, and someone can get the right kind of file to play when no one is looking, yep, you could do nasty stuff."
My personal favorite perspective on this comes from the venerable security guru Dan Geer, who offered the following challenge on the DailyDave list:
"Here's $500 for the first documented case of someone using the white courtesy phone in an airport to page Mr Shootdown, Reese Sett, Sleep Now, or whatever and blanking all the laptops in a concourse. An extra $500 if it's DC National..." [Security Fix]
9:47:19 PM