Computer, Initiate Self-Destruct Sequence! 

Feb 16, 2007 03:00 AM

There has been much talk recently about the launch of Windows Vista, and one feature in particular: Speech Recognition. Speech Recognition allows the user to dictate arbitrary text to the computer (a letter, for example) using speech instead of the keyboard. It also allows the user to carry out normal computing tasks via a choice of pre-defined commands. There are commands such as "delete that," "press escape key," and "what can I say?" This last one shows the user what kinds of commands they can use in the current situation. If Speech Recognition is running but sleeping, the user says "start listening" to activate it.

It has been suggested that Speech Recognition could be subverted for nefarious purposes using malicious audio clips. The scenario would be as follows:

• The user is browsing the Web, with Speech Recognition enabled.
• They visit a Web site, with a background audio clip that plays as soon as the site is opened.
• The audio clip contains commands that can be recognized by Speech Recognition.
• As the audio is played through the user's speakers, it is picked up by their microphone and interpreted as spoken commands.
• The commands tell the computer to do something nasty, such as deleting the user's music collection.

So is this feasible? We decided to test it out, by recording a short audio clip that deletes all the files in the "Pictures" folder. I then added the clip to a Web page and proceeded to visit that page. Sure enough, as soon as I opened the page, the computer began executing the commands, and soon all the files were deleted from the "Pictures" folder. The video below shows what happened. (Make sure to turn off Speech Recognition before playing the video!)

Observe that it's an audio clip delivered from a Web site that deletes the files; it's not me speaking live!

Note that for this attack to work the following is necessary:

1. Speech Recognition is running.
2. Speakers are on and turned up.
3. Microphone is within range of speakers.
4. User visits malicious site or acquires audio in some other fashion (like email).
5. User allows audio clip to play to completion.

Also, Speech Recognition cannot be used to bypass UAC (User Account Control), so unless UAC is disabled, a malicious clip can't make any critical changes to the system. In the scheme of things, this is probably not the most severe security risk ever to grace our presence, but it is an interesting new vector of attack that few people would have considered previously. Credit to Sebastian Krahmer for first suggesting the attack, and George Ou for verification.
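The following PowerShell script is an added audit example and is not code from the original post. It checks, from an administrator's side, which of the preconditions listed above currently hold on a Windows machine and whether the UAC control that limits the impact is in place. It assumes that Windows Speech Recognition runs as the process named sapisvr and that the UAC state is recorded in the EnableLUA value under the Policies\System registry key; speaker volume and microphone placement (preconditions 2 and 3) cannot be decided from software alone, so the script only lists the sound devices present for the administrator to judge.

```powershell
# Added audit script (not part of the original post). Reports which of the
# attack preconditions from the post currently hold on this machine.
# Assumptions: Windows Speech Recognition runs as the process 'sapisvr';
# the UAC state is the EnableLUA DWORD under the Policies\System key.

function Test-SpeechRecognitionRunning {
    # Precondition 1: the Speech Recognition host process is present.
    # Returns $true when at least one 'sapisvr' process exists.
    return [bool](Get-Process -Name 'sapisvr' -ErrorAction SilentlyContinue)
}

function Test-UacEnabled {
    # Mitigating control: with UAC on, a clip cannot make critical system
    # changes, so the blast radius is limited to the user's own files.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA
    return ($lua -eq 1)
}

function Get-SoundDeviceSummary {
    # Preconditions 2 and 3 (speakers on and in range of the microphone) are
    # physical; list the sound devices so an administrator can judge them.
    Get-CimInstance -ClassName Win32_SoundDevice |
        Select-Object Name, Status
}

function Get-SpeechAttackSurfaceReport {
    # Combine the checks into one object: exposure requires Speech Recognition
    # to be running; UAC decides whether critical changes are blocked.
    $sr  = Test-SpeechRecognitionRunning
    $uac = Test-UacEnabled
    [pscustomobject]@{
        SpeechRecognitionRunning = $sr
        UacEnabled               = $uac
        ExposedToAudioCommands   = $sr
        CriticalChangesBlocked   = $uac
        Recommendation           = if ($sr) {
            'Say "stop listening" or close Speech Recognition while browsing; keep UAC enabled.'
        } else {
            'Speech Recognition not running; audio-command vector not active.'
        }
    }
}

# Usage: run from a PowerShell prompt on the machine being audited.
Get-SpeechAttackSurfaceReport | Format-List
Get-SoundDeviceSummary | Format-Table -AutoSize
```

The report deliberately separates exposure (is the listener running at all?) from impact (is UAC limiting what a recognized command can do?), which mirrors the two halves of the post's argument: the vector only works while Speech Recognition is listening, and even then UAC keeps it from touching anything beyond the user's own data.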
