Fun with Vista’s Speech Command

Neat, this could be a new type of audio virus, or at least a fun prank like the old days with MacOS speech recognition – get an audio file say “start listening” and then tell Vista to do stuff, from the SANS blog…

On January 30th Sebastian Krahmer asked himself (out loud on the Dailydave mailing list) if Windows Vista Speech Command function could be used by a malicious website feeding a wav file which would speak commands to download malware. The idea is deceivingly simple: the wav file plays through the speakers, the microphone picks up the commands and the Speech Command happily executes them.

A fascinating discussion ensued, George Ou went off to research the concept and, at the risk of spoiling the surprise, here is the result in George’s fine words…

Simon says: download backdoor.exe (or using Vista Speech Command for fun and profit) – Link.

More:

• Issue regarding Windows Vista Speech Recognition (Microsoft) – Link.
• Casey Chesnut trying to defeat the speech hack – Link.
• Casey Chesnut attempts to fix speech reco attach – Link.
• Disagreement over impact of Vista’s analog hole – Link.