Blog Post

Vista Social Engineering

This is a new one to me and rather humorous for a hack. It seems Vista is flawed, go figure, where a cracker can gain access and run commands on your computer by:

SHOUTING COMMANDS THROUGH THE SPEECH-RECOGNITION FEATURE!

I thought I had heard it all. So if you stumble upon a website and hear “CONTROL ALT DELETE,” don’t panic, as it is meant for a Windows Vista user. This brings social engineering to the computer now, simply amazing. What’s next?

๐Ÿ™‚

This entry was posted in Personal. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.
  • Pingback: Spiff, O Astronauta » Blog Archive » Windows Vista cria novo tipo de hacking!()

  • Joshua Hudson

    This is funny, I’ll give you that. But in their defense it is such a small attack ratio that it isn’t even funny.

    1. speech rec . is not turned on by default.

    2. Microphone and speakers would have to be turned on at the same time. Most sppech rec is done using a headset.

    2. The attacker would have to sound just like you or have had direct access to your computer to train speech rec to accept their voice.

    3. It is also believed that mac Os x, which also has speech rec technology would be acceptable to this, as it has similar features.

    I’m not aware of a vista speech erc software but i’m sure if it has one, it to would be acceptable.

  • Joshua Hudson

    Sorry, can’t edit. I meant to say. I’m no aware of any linux speech rec sofware..

  • There are a couple for Linux, but their quality I am unsure of. Sphinx was the last one I had heard of, but I really don’t follow that portion of software development.

    As for the defense part, well there really isn’t any for Microsoft. The only defense Microsoft has is money. The fact that a system can be exploited through a website screaming out voice commands deserves no defense. How could you develop such a system and not think about this as an issue? I mean, at college, when they would teach the speech recognition files, students would have a good time screaming “REBOOT!” It was funny to say the least, but I am sorry, this is by far the dumbest exploit I have ever heard. Obviously this wasn’t an important feature because who ever planned the logic was dead? Yes it is funny, but I am sorry there is no viable defense that I could possibly see for this. People do stupid stuff with their computers, and grandma is going to wonder what this speech crap is, turn it on, and get to browsing, get the crap scared out of her when her computer starts screaming commands at her and she loses control. My God this would make for a wonderful commercial for Apple. Have the Mac start screaming commands and the PC just fall out!!! HAHAHAH

    APPLE IF YOU DO THIS, I AM TRADEMARKING THIS RIGHT NOW! I WANT 99.9% ROYALTIES, YOU CAN HAVE THE REST ๐Ÿ™‚

  • manchicken

    Proprietary software has this negative affect. With Free Software you could simply remove the “feature” (bug) from the program and begin distribute the “modified” (fixed) copies. Yay freedom!

  • Eddie M.

    Nixternal, I think the reason why people use the word ‘hacker’ when they mean ‘cracker’ is beacuse it confuses those not paying attention and makes them think that ‘cracker’ refers to anyone of Caucasian descent.

  • Joshua Hudson

    Ok, I fully admit, I’m playing devils advocate. ๐Ÿ™‚ It’s what I do. But would free software fix this issue? I’m all for free software. The issue is the fact of the commands the system accepts. Do you make a system not accept commands the user may want to do? How do you remove this “feature” when by it’s own definition of spech rec, this is what it is made for. Do you on linux, who develop a speech rec system, not accept basic system commands? Or what is really the problem. Again, this is not just a windows problem, mac speech rec could have the same thing happen to them so while a funny commercial not really accurate.

    And you are assuming a couple things. A grandma can find the damn on switch. Two she has a microhone and speakers. Feedback and echo would be hell. That is why you use a head set for this. Three, again the system has been trained to take random commands from random people. It is not.

    One of the cool parts of free software is that you have the power to develop a speech rec system that doesnt do this. I’d love to see it. Make me proud.

  • This is great. I haven’t heard anything about Vista other than what you’ve blogged. Nobody out here, nobody that I know anyway, has bothered to upgrade. I hope people realize what a complete joke Vista is.

    Thanks for the laugh this morning ๐Ÿ™‚

  • Tianon

    Actually, I tried this on my Mac not too long ago… Used the Mac’s own Speech Synthesis and looped it right in as the microphone (after using the built-in mic didn’t work). Needless to say, it was a failure. I think Apple may be using some system to filter out the speaker noise (if mic input == speaker output, ignore). Who knows?

  • See, I thought the whole idea behind voice recognition was, well voice recognition. I thought you were supposed to be able to teach the system YOUR voice. This is great, but somehow they forgot to test someone else’s voice after the training phase. Of course I think Open Source could and would fix this way faster. I am willing to bet you have a few days to a week if not longer before MS puts out a fix. So far on the Open Source level, when an application is closely maintained, I have seen turnarounds of less than 1 day.

    I think in this case, the true color of Microsoft Quality Assurance has shined brightly. Then again, they are known for releasing what the Linux world considers a beta or pre-release version. There obviously isn’t enough time spent with testing. 5 years for Vista, so that means 4 years and 10 months of coding, 1 month of testing, and 1 month of showboating. Ridiculous to say the least.

  • Joshua hudson

    Your points are valid. I could care less either way. I’m OS agnostic, I use what I need for the task at hand, be it linux, mac or windows. I have all 3.

    This is why you never buy a microsoft OS, if you do that is, for at least a year. It lets the whole industry catch up.

    It was fun seeing your responses though. Have a great day and I enjoy the blog. Keep writing awesome software, and keep working on an awesome OS.

  • Joshua hudson

    Oh and by whole industry, I mean microsoft, their partners, hardware venders etc. I’m not implying in any way that microsoft is ahead in some way.

  • Pingback: engineering » Blog Archive » Social engineering of universities()

  • Pingback: engineering » Blog Archive » Phishing: The Forever Hack()

  • Subscribe to nixternal.com

     Subscribe in a reader

    Or, subscribe via email:
    Enter your email address:

  • Archives


semidetached
semidetached
semidetached
semidetached
%d bloggers like this: