Could Windows Vista’s speech command be used as a remote exploit?



January 31st, 2007

This from George Ou:

I recorded a sound file that would engage speech command on Vista, then engaged the start button, and then I asked for the command prompt.  When I played back the sound file with the speakers turned up loud, it actually engaged the speech command system and fired up the start menu.  I had to try a few more times to get the audio recording quality high enough to get the exact commands I wanted but the shocking thing is that it worked!  Anyone that's ever visited MySpace knows how many annoying webpages out there that will start blasting loud MP3 music as soon as they enter the page. 

Very interesting.  I don't think that enough people will have the speech command enabled to make this a worthwhile exploit.  But, having said that, I am surprised that the operating system doesn't filter out sounds originating from the PC - surely only signals from the microphone should be used in this way?

This entry was posted on Wednesday, January 31st, 2007 at 11:32 and is filed under PC Doctor's Thoughts, Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.