Vista “Flawed” with Speech Loophole for Hackers
According to security researchers, Windows Vista’s speech-recognition feature is flawed and hackers could use it to remotely force a PC to execute commands.
Security researchers began offering details on how pranksters could exploit the speech technology just a day after the consumer launch of the new operating system.
A malicious Web site, for example, could load an audio file that shouts commands to shut down the operating system without the user’s authorization, they say.
While some security researchers believe Vista’s first public flaw is serious, Microsoft has downplayed the risk, noting that a targeted system’s speech-recognition feature would need to be configured correctly for the attack to be successful.
Microsoft insisted that Vista’s User Account Control feature could not be circumvented by speech commands. The new feature is responsible for not giving rogue programs administrator-level access to key operating system functions.
Windows Vista offers a high-end speech recognition feature in the built-in speech-to-text conversion software, which controls the Windows interface and dictating text.