Vista voice exploit - cry wolf?

Vista voice exploit - cry wolf?

Summary: Thierry Zoller, a security consultant at n.runs AG (one of the outside companies that did pen-testing on Windows Vista), argues that George Ou’s Vista speech command exploit is borderline cry-wolf.

TOPICS: Windows, Microsoft
Thierry Zoller, a security consultant at n.runs AG (one of the outside companies that did pen-testing on Windows Vista), argues that George Ou's Vista speech command exploit is borderline cry-wolf:

Speech recognition is inherently unreliable...Since you deem the problem as remotely exploitable, let's ignore for one that I have to actively browse to a website and as such be physically in front of the PC and assume we use XSS to zombie the browser and play the audio 5 minutes later. Then we assume there is not too much background noise, assume the audio level is ok, assume the microphone is on, assume Speech recognition is used, assume audio is on, and so forth.

Too many assumption to make it a real risk for me remotely, sorry. That's my personal opinion. Is is a vulnerability ? Yes. Is it likely to work 100% like a good crafted exploit? No.

* Via Full Disclosure.

Topics: Windows, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Cry wolf because they themselves didn't find it?

    They're professional pen testers and they didn't find this? That's just pathetic and this is petty. SANS Institute shot that down.
  • Let's use the 100% reliable exploit standard from now on

    "Is it likely to work 100% like a good crafted exploit? No."

    Ok let's start using this as the standard from now on. If something is not 100% reliable or not that many people use this feature, don't worry about it and shut up about it. Vendor shouldn't have to worry about patching it.

    How many vulnerabilities would get patched if we went by this standard?
    • Agree, but...

      George, totally agree this is a legitimate issue that should be fixed. But serious remote exploit? C'mon...

      Ryan Naraine
      • Serious as in for those who use voice, not serious for 99.9% who don't

        It's VERY serious as in for those who use voice, not serious at all for the 99.9% of the population who don't. Please don't take my words "serious" out of context.
        • Forgotten statistics...

          "It's VERY serious as in for those who use voice, not serious at all for the 99.9% of the population who don't. Please don't take my words "serious" out of context."

          No kidding George, but way more than 0.1% of them have disabilities.

          How many disabled people use speech recognition on their systems because they cant use a mouse or keyboard? And how many would seriously freak out when their lights start turning on and off at random, and the TV wont stay on their favourite channel because some little b*d thinks its funny?

          My daughter hasnt got anything life-threatening hooked up to hers (Even with a UPS, I wont trust a computer that far) but I do know those who have. Drug regimes. Care Schedules. Panic buttons and alarms, home control. The list is extensive and potentially very damaging, and thats just the few percent who depend on technology to live in the community.

          MS have an obligation to the very people Mr Gates seems to care most about, judging by the money he plows into the sector. I hope he honours it!
          • Yeah sorry, might be more than .1% and it is very serious for them

            For most people, this is nothing more than a funny prank because they don't have to consider what it's like to not have the luxury of using hands (carpel tunnel or some other disability for example). For those who have to make do with their voice to control their computer, there is nothing funny about it.

            Microsoft and Bill Gates were on TV boasting about new features in Vista like Voice Control. I think it's great they're adding all these new features, but that means they have to consider the security ramifications and implement the proper defenses. If no one reported this and made a big deal about it, this will either never be patched or it won't be fixed until the next version of Windows 3+ years later.
          • Not worth the hacker's trouble

            What makes this possible is also what makes it so unlikely. Any serious user of sr has to use a headset, and by default the audio output will be routed to the headset, so no dice for the hacker. If you do route audio to the speakers, sr is likely to misread system sounds (beeps and alerts) as speech, making it pretty much unusable (I know, I've tried). In the current malware climate, if there is no way of making money out of this exploit (and while deleting documents is annoying, there is no suggestion that this could be used to zombie/backdoor a machine), I can't see anyone bothering going to all this trouble for a minimal return.

            Oh and George, the 'they're hacked off because I saw it first' is not worthy of a serious discussion, and is something I would expect to see digged into the ground on other sites :(.
          • Serious users DONT use headsets

            I can see your point JB, but I'm afraid I have to take issue with that fact. As as parent to a disabled child, and having contact with many others through her school and socially, I can say that most disabled users cant use a headset any more than they can a mouse or keyboard.

            Most devices from this sector are either infrastructure in the house, hooked up to speakers mics and displays in each room, or mobile and usually attached to the users wheelchair, commonly with audio output to help communication. Now while Dragon Dictate (The most common Voice Recognition/Control software for disability) can be programmed to ignore certain types of sound including its own, Vista cannot and merely mutes the entire input or output accordingly - correspondingly either dangerous or useless, thanks Bill.

            I've been using VR/C for over 12 years, to the extent that I'm now building my own systems and software (I'm not a professional) to help my daughter. She has a Motorola A920 which I recased and wrote a PCS interpreter for that talks for her, and my home systems are set up to respond to its vocal output as well as my voice. I developed the technique to control my home studio a long time ago and it worked perfectly until I replaced it with 1Gb networking and VNC.

            As for being useless for Zombieing a machine, all a 'hacker' has to do is point its browser to a malformed site to install a trojan, easy with VC. The disabilities sector is full of poorly-educated, non-technical users and their often less-technical carers - in short, a security disaster area.

            George has a point, although the vast majority of users wont use it, the ones that do are at risk and are very vulnerable. I do my best to educate those that I know, but I'm only one man!
  • RE: Vista voice exploit - cry wolf?

    Mt2 turk MMO PvP game download online game servers
    <a href="" title="metin2" target="_blank">metin2</a> - <a href="" title="metin2 indir" target="_blank">metin2 indir</a> - <a href="" title="metin2 hile" target="_blank">metin2 hile</a> - <a href="" title="metin2 gm komutlari" target="_blank">metin2 gm komutlari</a> - <a href="" title="metin2 at gorevleri" target="_blank">metin2 at gorevleri</a>
    MMO online games, game related content turk mt2 pvp servers
    <a href="" title="metin 2" target="_blank">metin 2</a> - <a href="" title="pvp" target="_blank">pvp</a> - <a href="" title="server" target="_blank">server</a> - <a href="" title="knight" target="_blank">knight</a>
    Mt2 turk MMO PvP game servers online
    <a href="" title="metin2 pvp sererler" target="_blank">metin2 pvp sererler</a> - <a href="" title="pvp serverlar" target="_blank">serverlar</a> - <a href="" title="pvp serverler" target="_blank">pvp serverler</a> - <a href="" title="metin2 pvp sererlar" target="_blank">metin2 pvp sererlar</a> - <a href="" title="pvp kenti" target="_blank">pvp kenti</a>

    download game servers online turk mt2 pvp servers
    <a href="" title="mt2" target="_blank">mt2</a>
    <a href="" title="metin2 turk" target="_blank">metin2 turk</a>
    <a href="" title="mt2 turk" target="_blank">mt2 turk</a>
    <a href="" title="metin2 tr" target="_blank">metin2 tr</a>
    <a href="" title="metin 2" target="_blank">Metin 2</a>
    <a href="" title="alemt2 indir" target="_blank">alemt2 indir</a>
    <a href="" title="alemt2 kaydol" target="_blank">alemt2 kaydol</a>
    <a href="" title="alemt2" target="_blank">alemt2</a>
    <a href="" title="alemt2 kaydol" target="_blank">fancymt2 kaydol</a>
    <a href="" title="alemt2 kaydol" target="_blank">fancy mt2</a>
    <a href="" title="mt2 pvp" target="_blank">mt2 pvp</a>
    <a href="" title="metin2 pvp" target="_blank">metin2 pvp</a>
    <a href="" title="metin2 pvp" target="_blank">metin2 pvp serverler</a>
    <a href="" title="pvp" target="_blank">pvp</a>
    <a href="" title="metin2" target="_blank">metin2</a>
    <a href="" title="serverler" target="_blank">serverler</a>
    <a href="" title="serverler" target="_blank">serverler</a>

    <a href="" title="metin2pvpserver" target="_blank">metin2pvpserver</a>
    <a href="" title="metin2 pvp server" target="_blank">metin2 pvp server</a>
    <a href="" title="metin2 pvpserver" target="_blank">metin2 pvpserver</a>
    <a href="" title="metin2pvp server" target="_blank">metin2pvp server</a>
    <a href="" title="metin2pvp" target="_blank">metin2pvp</a>
    <a href="" title="metin2 server" target="_blank">metin2 server</a>

    <a href="" title="metin2pvpserverlar" target="_blank">metin2pvpserverlar</a>
    <a href="" title="metin2 pvp serverlar" target="_blank">metin2 pvp serverlar</a>
    <a href="" title="metin2pvp serverlar" target="_blank">metin2pvp serverlar</a>
    <a href="" title="metin2 serverlar" target="_blank">metin2 serverlar</a>

    <a href="" title="face" target="_blank">face</a>
    <a href="" title="facebook" target="_blank">facebook</a>