From the “security holes with a sense of humor” department comes a mildly threatening and completely hilarious story of a Vista speech recognition hole. Microsoft’s new Windows Vista contains speech recognition software that allows you to speak certain commands such as “copy”, “shutdown” and “delete” to your computer. This feature sounds innocent enough, however if a number of conditions are properly aligned it is possible for a mischievous party to control your computer by sending you an audio file of these spoken commands. Were you to unwittingly play that audio file back, your microphone would pick up the commands from your speakers, and Vista just might execute them.
Here are a few of the conditions that would need to be met:
- Vista speech recognition would need to be turned on and configured.
- Your speakers and microphone would both need to be turned on, and arranged in a way that allows the mic to pick up the sound from the speakers without interference.
- The malicious audio file must be of good clarity.
As you can see, your computer must be set up “just so” for this exploit to affect you, and even then, Microsoft claims that speech commands cannot be used to delete essential system files. We wouldn’t suggest losing any sleep over this hole, but we do hope you get a few laughs out of it. See “Vista has speech recognition hole” at the BBC for the full story.
