Vista voice control
-
I thought this[^] was interesting. It essentially says that if you have enabled voice control, then sound coming out of the speakers and being picked up by the mic could control the pc (uac permitting). Imagine a "virus" being distributed as a podcast! "Hello, welcome to my podcast. Format C:, Yes I'm sure" :)
ChrisB ChrisDoesDev[^]
-
Is this not the perfect example of a Re-Post
Brad Australian - Christian Graus on "Best books for VBscript" A big thick one, so you can whack yourself on the head with it.
Oh big pants. Where?!
ChrisB ChrisDoesDev[^]
-
Right, I see. That'll teach me to read everything thoroughly first! I'm ready for those 1's. :laugh::laugh:
ChrisB ChrisDoesDev[^]
-
Bradml wrote:
Is this not the perfect example of a Re-Post
Yes it is. I have never seen reposts so close together. I mean there is not even a gap of one post in between. :omg:
-
Nice example, that is worth a five repost or not. :-D Surely if you have a keyboard attached to your PC then you have exactly the same level of risk?
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milk
-
David Wulff wrote:
Surely if you have a keyboard attached to your PC then you have exactly the same level of risk?
Surely only if you're onsite. The example given in the link is having someone at the other end of a webcam. You wander off to find something, and come back to find that they've been using their voice to control your pc. (Launch remote support or similar maybe? - perhaps I'm getting carried away) I'm beginning to imagine "youths" (yoofs) running into internet cafes and shouting "Shutdown" as a modern day prank. :-D
ChrisB ChrisDoesDev[^]
-
Have to say I prefer your repost. I would never have read Brad's link as security generally doesn't interest me and his post had no info that would make me follow the link.
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
I don't see it happening, at least not until it becomes pointless.
-
In order to present a problem, you will need to: a) disable all of Windows' inbuilt security features, i.e. UAC, and b) configure the system for voice recognition and train it for your attacker's voice. I don't see that as any different from having someone physically at your PC from a risk position -- people have to take responsibility for their own actions, you can't blame everything on someone else.
Ðavid Wulff
-
David Wulff wrote:
people have to take responsibility for their own actions, you can't blame everything on someone else.
I quite agree, but I can imagine my dad (for example, or any other non techie) turning on voice control (because he's used to telling his secretary what to do, and the computer is just a version of that:) ), and being left vulnerable to this flaw without realising. You can only take responsibility for your actions if you are aware of the consequences. If there was a suitable warning when turning it on, then fair enough.
David Wulff wrote:
b) configure the system for voice recognition and train it for your attacker's voice.
How long is it going to be before someone figures out the right generic vocal tones (rather than actual voice commands) to perform actions on a pc? Now that you can have sound auto playing when you visit a web page, there's all sorts of dodgy stuff you could do. As an aside, I'm now imagining the fun you could have with a colleague's computer. 5 mins access to their computer and you could train it to shutdown every time you ask them if they want a coffee. :)
ChrisB ChrisDoesDev[^]
-
Well fine then, have your opinion.
Brad
I'm just picking on you. ;)
regards, Paul Watson
-
Somehow I may just recover
Brad
Sure you will, you're an Aussie, I could throw anything at you and you'd recover. Part of being an Aussie I reckon.
regards, Paul Watson
-
Just nitpicking here, but there is no 'Shutdown' command. I just tried it on my machine to see what the fuss is about and I can't get it to shutdown from the menu either. The closest I've got is 'start, click run, delete that, shutdown space forward-slash s, enter'. You can do it with the mousegrid too, but only if the start button is in the lower left corner. This is fun.
Ðavid Wulff
-
David Wulff wrote:
there is no 'Shutdown' command.
Can't you stick that in a batch file and associate it with a voice command? (part of the 5 mins with the colleague's computer). I've just pulled the hard drives out of my vista box, so I can't experiment at the moment. I was more hypothesising than basing my ideas on fact.
David Wulff wrote:
This is fun.
:-D
ChrisB ChrisDoesDev[^]
-
You can use a number grid too.
-- modified at 8:55 Thursday 1st February, 2007
Only the number for the shutdown popup is not fixed, it varies depending on how many items are on your start menu list.
Ðavid Wulff
-
Hi Chris, It's easy to see your interest in the idea and I had fun thinking about it too. :) I do have a problem with that article; it was sensationalist garbage. It's good to see everyone here (and many who posted in response) know how to take it. Why not take it a step further? I'm going to write up an article suggesting to remove the phones next to people's desks. Someone might call and give them bad instructions. We can call it the "command recognition audio proxy speech vulnerability" or just the CRAPS vulnerability. :-D Ed