Vista: Getting in Trouble With Speech Recognition

Hello computer...

Published on February 2, 2007 By Zoomba In WinCustomize News

Sometimes, bugs are just too funny to not talk about. Of course we expected a fair share of gotchas with Vista that would have slipped through testing, and this is one I can't imagine anyone in QA would have thought to build a test case for. Turns out, if you have speech recognition turned on in Vista, and are using speakers instead of a headset, the possibility exists for someone to play an audio file on your computer that will cause your computer to run unauthorized tasks.

Granted, the commands are limited, and if you have UAC activated, it should block anything too bad from happening. The vulnerability is also dependent on a user having speech recognition on, a microphone plugged in, and their speakers on loud enough for the microphone to adequately pick it up, so it's not so much a general vulnerability as it is something that is only likely to happen if the stars and planets all align perfectly.

Could be an issue though for gamers who regularly use VoIP software and are likely to kill UAC at the first opportunity.

I wonder how many kids on TeamSpeak or Ventrillo will giggle with glee as they say "search porn" over the channel, to mess with their buddies.

Comments

EyeGuy

on Feb 03, 2007

i downloaded a speech recognition program for xp ages ago and have been have the problem while playing counter-strike. The trick is to have a mute on your mike or headset and turn it on and off just when you're saying somthing.

Excalpius

on Feb 03, 2007

Actually, acoustic/echo cancellation code is supposed to address this, since the computer knows what sound is coming out of its own speakers and what is coming in through its own microphone. It should "subtract" the audio coming from the speakers from anything coming in through the microphone before processing by default in that case.

This default behavior should have kept Vista from "talking to itself".

I read somewhere that Vista crippled echo cancellation as part of the "new, improved" audio path, ahem. Is this still the case or is this an old/non/resolved issue?

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!