Vista voice exploit - cry wolf?

Summary:Thierry Zoller, a security consultant at n.runs AG (one of the outside companies that did pen-testing on Windows Vista), argues that George Ou’s Vista speech command exploit is borderline cry-wolf.

Thierry Zoller, a security consultant at n.runs AG (one of the outside companies that did pen-testing on Windows Vista), argues that George Ou's Vista speech command exploit is borderline cry-wolf:

Speech recognition is inherently unreliable...Since you deem the problem as remotely exploitable, let's ignore for one that I have to actively browse to a website and as such be physically in front of the PC and assume we use XSS to zombie the browser and play the audio 5 minutes later. Then we assume there is not too much background noise, assume the audio level is ok, assume the microphone is on, assume Speech recognition is used, assume audio is on, and so forth.

Too many assumption to make it a real risk for me remotely, sorry. That's my personal opinion. Is is a vulnerability ? Yes. Is it likely to work 100% like a good crafted exploit? No.

* Via Full Disclosure.

Topics: Windows, Microsoft

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.