03 February 2007
Vista's First Post-Release Flaw
There's a lot of new around of the 'first' flaw in Vista since its official release. The speech recognition feature makes it possible for a website to include audio that features Vista commands to delete files or run programs or any other unprivileged commands such as copy, delete, and shutdown to name a few.
To be accomplished users have to have already configured the speech recognition and have it activated as well as have a live microphone and speakers. For those who are using speech recognition, this seems to be a very probable situation as most people using the feature would want to continue to use it while on the web and so would not have their microphone turned off, but listening for the next command.
From a security point of view, it could cause a security risk if the command is able to run an installer without user intervention or if it is able to email files to someone. Without this ability, it just becomes a major annoyance and risk that can cause people to lose files, have files moved, their system restarted and at a basic level controlled from an outsider. The outsider under a normal situation would have no view of the system and this would all be visible to the user, who may or may not have time to react to the situation.
To be accomplished users have to have already configured the speech recognition and have it activated as well as have a live microphone and speakers. For those who are using speech recognition, this seems to be a very probable situation as most people using the feature would want to continue to use it while on the web and so would not have their microphone turned off, but listening for the next command.
From a security point of view, it could cause a security risk if the command is able to run an installer without user intervention or if it is able to email files to someone. Without this ability, it just becomes a major annoyance and risk that can cause people to lose files, have files moved, their system restarted and at a basic level controlled from an outsider. The outsider under a normal situation would have no view of the system and this would all be visible to the user, who may or may not have time to react to the situation.
Labels: internet, microsoft, os, security, vista, vulnerability, windows
Comments:
<< Home
I agree that this 'flaw' sounds more like a joke than any real important issume, but assuming someone is using the speech recognition while searching the web, it is theoretically possible. Every voice recognition system could have this problem though and it does rest on the user more than the OS to avoid the problem.
Post a Comment
<< Home
