[microphone]

Microphone © Christophonics / CC

rec.humor.funny, circa 1994:

At a recent Sacramento PC User’s Group meeting, a vendor was demo’ing his company’s latest speech recognition software. He was just about ready to start the demo, and asked everyone in the room to quiet down. Just as he was ready to start, someone from the back of the room yelled, “FORMAT C : RETURN”

Fast forward 13 years and join me at the Microsoft Security Response Center Blog for an Issue regarding Windows Vista Speech Recognition:

An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions. … The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as “copy”, “delete”, “shutdown”, etc. and acting on them. These commands would be coming from an audio file that is being played through the speakers.

That’s not the funny part. Here’s the funny part:

In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured. Additionally the system would need to have speakers and a microphone installed and turned on. … There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation.

Well thank goodness for that. Microsoft finally adds speech recognition to Windows, but they skip the part about preventing the output from the speakers from being treated as input to the microphone (you know, like phones have done for 100 years). But I shouldn’t worry, because the exploit scenario requires me to have speakers and a microphone.

In the interests of full disclosure, here are some other prerequisites that need to be in place before you could be affected by this exploit scenario:

  1. Your computer must be turned on. It’s amazing how often people need to be reminded of this.
  2. You must be logged into your computer, and not, say, sitting at the BIOS prompt that says “No keyboard found, press F1 to continue…”
  3. You must have more than 1 GB of available RAM. Windows can not play audio files with less than 1 GB of RAM.
  4. The audio file containing the exploit must be properly licensed, you filthy pirate. Windows will not play copyrighted material under any circumstances, even if the material is trying to take over your computer. Microsoft considers this a feature, not a bug.
  5. If you are currently experiencing a Blue Screen Of Death, you are not vulnerable to this exploit. Microsoft’s patented Blue Screen Of Death, built into all recent versions of Windows, protects you from security exploits for as long as it is active. Warning: if you reboot your computer, you will no longer be protected by the Blue Screen Of Death.
  6. You need to be on a planet with atmosphere, and not, say, drifting in space. Sound doesn’t travel in space. Everybody knows that.
  7. If you have recently cursed at your computer and smeared white-out on your microphone in a futile attempt to wash away the stains of your blasphemy, you should install Microsoft Confession™. You’ll still be vulnerable to this exploit; I just wanted to take this opportunity to do a little cross-selling.
  8. You must have your speakers near your computer, and not, say, submerged under six feet of Altuvian mud. Sound doesn’t travel in Altuvian mud. Everybody knows that.
  9. Do not use your microphone as a dildo while Speech Recognition is turned on. Microsoft is not responsible for any damage caused to your computer while using a live mic as a dildo, including, but not limited to, renaming every file on your hard drive to “Oh oh oh baby oh God oh yes yes yes.”
  10. Oh yeah, and you need to be running Microsoft Windows Vista. Oh oh oh baby oh God oh yes yes yes you do. Which I’m not, and never will.

§

Eleven comments here (latest comments)

  1. Vista Voice Exploit - Flaw Or Not? on iface thoughts (pingback)

  2. What if I’m drifting in space, but in a space ship? God, I hope they never install Vista on the Space Shuttle. “Discovery, this is Houston. Please start the engine shutdown sequence on return to atmosphere.”

    — Pete Lacey #

  3. This suggestion is wildly easier to suggest than it is to implement, but could a check be made against what is currently going out of the speakers and what the system is currently planning to execute? If such a comparison could be made it would eliminate this goofy exploit.

    — Josh Peters #

  4. Josh, a negative feedback loop is really simple to implement. It is probably standard in PA and music amplification systems.

    This really was a big oversight, but I think Microsoft was busy with rewriting their technological usage restrictions (TUR, often euphemized as digital rights management [DRM]) and figuring out how to force OOXML file formats through ISO as an “alternative” to ODF/ISO 26300, so that they could prevent competition in the office suite arena.

    — W^L+ #

  5. Note that the content protection in Vista interferes with echo cancellation, so just wrap your exploit sound file in DRM and away you go. Unless of course the system doesn’t have a protected audio path, in which case they’ll hear nothing.

    — James #

  6. Firmly Wedged - » Delete documents empty trash (pingback)
  7. The Lunatic Fringe » Blog Archive » Speakers and a microphone (pingback)
  8. c3w » Blog Archive » Das Offensichtliche (pingback)
  9. Oh não… » Blog Archive » Vista at it’s best (pingback)
  10. El Diablo en los Detalles | El Mejor Virus para Windows Vista (pingback)

  11. Brings this to mind:

    http://www.youtube.com/watch?v=LxQm3IsSKAo

    The only appropriate way to install Vista, IMHO.

    — John Klassa #

Respond privately

I am no longer accepting public comments on this post, but you can use this form to contact me privately. (Your message will not be published.)



§

firehosecodeplanet

© 2001–9 Mark Pilgrim