Vista's voice recognition could lead to malicious commands being executed


Vista’s voice recognition software, when combined with a malicious audio file, could potentially delete files from users’ PCs, Microsoft has admitted.

Whilst the risk is fairly low, it’s possible that ‘delete’ commands could be crafted into an MP3 audio file, sent via email or embedded in a web site, and then responded to by the PC when played over the speakers.

It does sound a little far-fetched, particularly when there is far more obvious and worrying malware around. It would require the speakers and microphone to be on, the mic to pick up the commands being spoken, and the user not to notice that the commands were being spoken.

Tests have shown that users were able to delete files and empty the trash using this method, and whilst this is fairly serious in itself (particularly if you don’t have a utility to retrieve erased files), Microsoft said that the voice recognition can’t be used for privileged commands such as creating or deleting users or formatting a hard drive.

“While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little – if any – need to worry about the effects of this issue on your new Windows Vista installation,” said a Microsoft researcher.

Andy Merrett