Vista voice control
-
I thought this[^] was interesting. It essentially says that if you have enabled voice control, then sound coming out of the speakers and being picked up by the mic could control the pc (uac permitting). Imagine a "virus" being distributed as a podcast! "Hello, welcome to my podcast. Format C:, Yes I'm sure" :)
ChrisB ChrisDoesDev[^]
Hi Chris, Its easy to see your interest in the idea and I had fun thinking about it too. :) I do have a problem with that article; it was sensationalist garbage. It's good to see everyone here (and many who posted in response) know how to take it. Why not take it a step further? I'm going to write up an article suggesting to remove the phones next to peoples' desks. Someone might call and give them bad instructions. We can call it the "command recognition audio proxy speech vulnerability" or just the CRAPS vulnerability. :-D Ed
-
In order to present a problem, you will need to: a) disable all of Windows' inbuilt security features, i.e. UAC, and b) configure the system for voice recognition and train it for your attackers voice. I don't see that as any different from having someone physically at your PC from a risk position -- people have to take responsibility for their own actions, you can't blame everything on someone else.
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milkDavid Wulff wrote:
b) configure the system for voice recognition and train it for your attackers voice.
Do you really still have to do this on Vista? My telephone has voice dialling/commands with no training - you just set your chosen language and speak any name in the address book! And it works very well - as well as the old version where you had to store a sample of you speaking any name you wanted voice reognition for. Rich
-
I thought this[^] was interesting. It essentially says that if you have enabled voice control, then sound coming out of the speakers and being picked up by the mic could control the pc (uac permitting). Imagine a "virus" being distributed as a podcast! "Hello, welcome to my podcast. Format C:, Yes I'm sure" :)
ChrisB ChrisDoesDev[^]
:laugh:
Chris Buckett wrote:
Hello, welcome to my podcast. Format C:,
Did you forget that drives that are in use can not be formatted?
Life is nothing but an individuals perception of an immortals dream. - ME
-
In order to present a problem, you will need to: a) disable all of Windows' inbuilt security features, i.e. UAC, and b) configure the system for voice recognition and train it for your attackers voice. I don't see that as any different from having someone physically at your PC from a risk position -- people have to take responsibility for their own actions, you can't blame everything on someone else.
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milkDavid Wulff wrote:
I don't see that as any different from having someone physically at your PC from a risk position -- people have to take responsibility for their own actions, you can't blame everything on someone else.
This is the difference between word recognition and voice recognition. I think that Microsoft would opt for the word recognition because it makes things easier to use for every user of that system.
Life is nothing but an individuals perception of an immortals dream. - ME
-
:laugh:
Chris Buckett wrote:
Hello, welcome to my podcast. Format C:,
Did you forget that drives that are in use can not be formatted?
Life is nothing but an individuals perception of an immortals dream. - ME
Antony Clements wrote:
Did you forget that drives that are in use can not be formatted?
Yes, I did forget, (but i was being a little facetious just to make the point :)).
ChrisB ChrisDoesDev[^]
-
Hi Chris, Its easy to see your interest in the idea and I had fun thinking about it too. :) I do have a problem with that article; it was sensationalist garbage. It's good to see everyone here (and many who posted in response) know how to take it. Why not take it a step further? I'm going to write up an article suggesting to remove the phones next to peoples' desks. Someone might call and give them bad instructions. We can call it the "command recognition audio proxy speech vulnerability" or just the CRAPS vulnerability. :-D Ed
Ed Preston wrote:
sensationalist garbage
Oh yes, but behind most sensationalism there's usually a grain of truth.
Ed Preston wrote:
the CRAPS vulnerability
Something that goes along with the job description :-D? At my last job I was fortunate enough not to have a phone :) (still had msn and email though :()
ChrisB ChrisDoesDev[^]
-
Just nitpicking here, but there is no 'Shutdown' command. I just tried it on my machine to see what the fuss is about and I can't get it to shutdown from the menu either. The closest I've got is 'start, click run, delete that, shutdown space forward-slash s, enter'. You can do it with the mousegrid too, but only if the start button is in the lower left corner. This is fun.
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milkDavid Wulff wrote:
Just nitpicking here, but there is no 'Shutdown' command.
There is actually a shutdown command line in every windows version to date. In XP it was called oddly enough, Shutdown. I'm not going to touch Vista for at lerast 6 months, probably closer to a year. But it still has a shutdown command line, it's just a matter of knowing what it is called. Shutdown from the start menu makes a remote call to this .EXE so it is entirely possible to write a snippet of code for example that runs in the background that will shut the system down when it hears a certain word. I have, just for the fun of it, a small .EXE that shells out the shutdown .EXE with an immediate forced shutdown without any warning of any kind.
Life is nothing but an individuals perception of an immortals dream. - ME
-
Antony Clements wrote:
Did you forget that drives that are in use can not be formatted?
Yes, I did forget, (but i was being a little facetious just to make the point :)).
ChrisB ChrisDoesDev[^]
Chris Buckett wrote:
Yes, I did forget, (but i was being a little facetious just to make the point ).
Never the less... it will still be a fun prank. :laugh:
Life is nothing but an individuals perception of an immortals dream. - ME
-
David Wulff wrote:
there is no 'Shutdown' command.
Can't you stick that in a batch file and associate it with a voice command? (part of the 5 mins with the colleagues computer). I've just pulled the hard drives out of my vista box, so I can't experiment at the moment. I was more hypothesising than basing my ideas on fact.
David Wulff wrote:
This is fun.
:-D
ChrisB ChrisDoesDev[^]
Removing your hard drives is one way to increase security, but isn't that going to the extreme? How do you get any work done?:laugh:
-
David Wulff wrote:
Just nitpicking here, but there is no 'Shutdown' command.
There is actually a shutdown command line in every windows version to date. In XP it was called oddly enough, Shutdown. I'm not going to touch Vista for at lerast 6 months, probably closer to a year. But it still has a shutdown command line, it's just a matter of knowing what it is called. Shutdown from the start menu makes a remote call to this .EXE so it is entirely possible to write a snippet of code for example that runs in the background that will shut the system down when it hears a certain word. I have, just for the fun of it, a small .EXE that shells out the shutdown .EXE with an immediate forced shutdown without any warning of any kind.
Life is nothing but an individuals perception of an immortals dream. - ME
Antony Clements wrote:
There is actually a shutdown command line in every windows version to date
Yeah, it is in my subject line. ;)
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milk -
David Wulff wrote:
b) configure the system for voice recognition and train it for your attackers voice.
Do you really still have to do this on Vista? My telephone has voice dialling/commands with no training - you just set your chosen language and speak any name in the address book! And it works very well - as well as the old version where you had to store a sample of you speaking any name you wanted voice reognition for. Rich
It works well out of the box, but training will improve it significantly. Vista's actually trains itself constantly while you are using it, so over a few hours of use it gets used to your accent.
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milk -
Antony Clements wrote:
There is actually a shutdown command line in every windows version to date
Yeah, it is in my subject line. ;)
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milkDavid Wulff wrote:
Yeah, it is in my subject line.
But you said you couldn't find it. :). they still have a DOS prompt of some description in Vista. Windows will never fully be rid of DOS despite their claims to the contrary. Don't you just love the half truths of the big green hairy monster? I know i do. ;P
Life is nothing but an individuals perception of an immortals dream. - ME