Computer, delete self

Summary: The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. ”

I’m not sure its fair to call that a Vista Vulnerability. but it’s listed as one. I just happened to find it funny ;)


so if you have a *bad* user, who brings in an outside haxxzors website, and that website has a sound file embedded in the web page, and that sound file has vocal commands in it, and if your microphone is enabled, and if the user plays the sound file while in Windows Explorer…..bad commands could be executed.


Why wouldn’t the user just do the bad commands theirself? Unless, haxxzors are just hoping for a super idiot user with an enabled microphone to run the sound file while in Windows Explorer. :P

You don’t need sophisticated software for that attack, simply create an HTML page that says “Read this phrases aloud and a gorgeous blond will be at your door in 10min: Computer, self-destruct; Computer, first hit your owner with the mouse because he is obviously a fool that does not deserve to own you” :).

Ummm, it would be interesting to count how many people would be so “obstuse”… hehehe

Unless, haxxzors are just hoping for a super idiot user with an enabled microphone to run the sound file while in Windows Explorer. :P

Or Internet Explorer or via an attachment. I think thats what the exploit is about. Someone *might* buy a new Vista PC, turn it on, leave the microphone where it can hear the speakers, and open an email or follow a link (pr0n surfing, Vista activity#1 for this guy) and sit there while a sound file says “open folder my documents. run regedit. format c:”.

Or maybe the sound file has a really, really, really long pause hoping the user will be AFK when this voice, loud and clear enough for the voice recognition system to obey, starts spouting commands and opening windows/etc. Or maybe the vulnerability guys rate it as ‘medium’ because it clearly targets deaf people.

Of course – being serious for a moment – it could be that there are some simple voice commands that a website could blurt out that might start some more nefarious process faster than you can react that they then stick on one of those typo-domain camps. If the site can say “click 53” or it might be able to operate the Vista security stuff – so you might visit a website which has a trojan and the site has a voice file that says “click approve” in the hopes of tricking your system into accepting it.

I think the guts of the problem is that, because of the Vista DRM systems, the speech recognition system can’t perform noise cancellation – an XP system can, and thus won’t hear itself.

It sounds like an ultra-low risk vector to me. I guess someone at NIST doesn’t like Vista :)

If the computer ever says “Someone set us up the bomb”, run like hell.

Maybe it can be triggered by subliminal messages embedded in videos?

“you dont have the FORMAT to C my COLON”


Hey, you laugh, but imagine if you happened across one of those annoying audio-ads that was in the middle of saying “DONT UPGRADE WINDOWS”. It could overlook the “DONT” part.

Wait. You see ads on the internet?

Firefox + AdBlocker + Filterset G = Love
(and add in Flash Blocker, TinyURL Creator, and Colorful Tabs)

setup a phished page, embed a sound file and send it to a loopback sound interface? i wouldn’t be surprised if the ‘sound file’ doesn’t need to be audible in this case instead just gets directly translated to a command w/o ever hearing anything.

also, bloo, grab the plug-in for firefox called “ImgLikeOpera”. it’s great if you hate seeing images from sites other than the originating site. a simple right click displays the images it blocks.

Ooh, can you add custom voice commands?
“Hi boss”

Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

You may use these HTML tags and attributes:

<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

%d bloggers like this: