Careless talk costs files

February 20th, 2007

Ha! I missed this! This is wonderful. There’s a security hole in Vista for which I can’t really attach much blame to Microsoft – I don’t think I’d have thought of it either…

Vista has a speech recognition engine built in – apparently it’s not too bad, at least for telling your PC to execute simple commands like copying files, closing windows etc.

The security hole is that if you have the recognition switched on, and somebody sends you an audio file by email or IM, and you play it, the microphone will pick up the sound coming out of your speakers. If that sound happens to be speech with instructions to delete a file and empty the trash folder, your computer might well obey it!

Presumably this can also happen with a web page you might browse to… You know those annoying ones which have some animation playing audio and you can’t work out how to turn it off? Well, imagine that the audio says something along the lines of ‘Send a New mail message to All your contacts with Subject: I love this product….’