An novel security hole presented itself last week with the new version of Windows Vista released by Microsoft to customers around the world.
George Ou, and online blogger, reported on Tuesday through ZD Net that he was able to access the Start Menu on Vista and could potentially run programs through voice command audio files played through the system speakers. This type of functionality could allow a hacker to run programs, delete files and any number of other harmful processes accessible through the voice command functionality of Windows Vista.
Microsoft has attempted to downplay the issue slightly, and has addressed the Speech Recognition Issue on their Security Response Center blog. “While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation.”, said Adrian in the blog on Wednesday.
There are a few issues that have to come into alignment in order for this “shout hack” to take place. First of all the Windows Vista system would need the speech recognition feature turned on, along with speakers and microphone connected and turned on in order to play the commands and to have the computer hear them. If these items were all turned on, potentially a web site with an audio file issuing voice commands could drive different functions, such as “delete”, “shutdown”, etc.
Other factors make shout hacking a little more difficult is that the commands would be limited to functions of the user that is logged in, and a user sitting at the computer would likely hear and see these commands going on and could stop them.
Vista is the latest upgrade to the Windows operating system from Microsoft, which was recently released to consumers and is the first new OS from Windows in over five years. The purpose of the speech recognition functions in Windows Vista is to allow easier operation and more support through voice commands to help users with impairments.