
February 2nd, 2007

Vista voice exploit - cry wolf?

Posted by Ryan Naraine @ 7:47 am

Categories: Vulnerability research, Windows Vista

Tags: Audio, Voice, Microsoft Windows Vista, Ryan Naraine

Thierry Zoller, a security consultant at n.runs AG (one of the outside companies that did pen-testing on Windows Vista), argues that George Ou’s Vista speech command exploit is borderline cry-wolf:

Speech recognition is inherently unreliable… Since you deem the problem as remotely exploitable, let’s ignore for once that I have to actively browse to a website and as such be physically in front of the PC and assume we use XSS to zombie the browser and play the audio 5 minutes later. Then we assume there is not too much background noise, assume the audio level is ok, assume the microphone is on, assume Speech recognition is used, assume audio is on, and so forth.

Too many assumptions to make it a real risk for me remotely, sorry. That’s my personal opinion. Is it a vulnerability? Yes. Is it likely to work 100% like a good crafted exploit? No.

* Via Full Disclosure.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



  • Talkback
  • Most Recent of 8 Talkback(s)
Serious users DONT use headsets
I can see your point JB, but I'm afraid I have to take issue with that fact. As a parent to a disabled child, and having contact with many others through her school and socially, I can say that most ... (Read the rest)
Posted by: HexHammer67 Posted on: 02/05/07
Cry wolf because they themselves didn't find it?  georgeou | 02/02/07
Let's use the 100% reliable exploit standard from now on  georgeou | 02/02/07
Agree, but...  Ryan NaraineZDNet Moderator | 02/02/07
Serious as in for those who use voice, not serious for 99.9% who don't  georgeou | 02/02/07
Forgotten statistics...  HexHammer67 | 02/03/07
Yeah sorry, might be more than .1% and it is very serious for them  georgeou | 02/03/07
Not worth the hacker's trouble  jbaynham@... | 02/04/07
Serious users DONT use headsets  HexHammer67 | 02/05/07
