Don't speak / I know just what you're saying
February 1, 2007 12:15 PM

Speak n Spell your way into remote control of a Vista box.
posted by Blazecock Pileon (24 comments total) 1 user marked this as a favorite
Fascinating. Low tech, high yield, just like the terrists.
posted by goodnewsfortheinsane at 12:24 PM on February 1, 2007

I'm... speechless. And safe.
posted by ardgedee at 12:24 PM on February 1, 2007 [1 favorite]

previously ;)
posted by pruner at 12:27 PM on February 1, 2007

And we thought the [img] tag was deadly!
posted by wheelieman at 12:27 PM on February 1, 2007

Heh, that's funny. Microsoft may have trouble fixing this. It's claimed that they have deliberately crippled the sound output system in Vista; the computer is not able to monitor the outgoing sound, because it might be music and you might be trying to steal it. They've disabled a whole class of applications (echo cancellation comes to mind) because you might be a thief.

They may have some really tricky patching to do to fix this one.
posted by Malor at 12:27 PM on February 1, 2007

Oh and let me reiterate, in case folks have missed my earlier comments on the subject: if you install Vista on your computer, you no longer own it. Microsoft and Hollywood do.
posted by Malor at 12:28 PM on February 1, 2007

I never would have thought of this. It just goes to show that there will always be another vulnerability in some area you never even dreamed of.
posted by grouse at 12:33 PM on February 1, 2007

Yeah, I did miss that Malor. Any chance you have facts to link to?
posted by rocket88 at 12:36 PM on February 1, 2007

When I got my Mac I set it to always listen to really impress people. ("Tell me a joke"). Then I was watching a movie and somebody said "Don't do that! Stop!" and the movie stopped.

On preview, Malor might have a point - this might have been a coincidence since I think Apple is known to be good with echo cancellation.
posted by Brainy at 12:38 PM on February 1, 2007

rocket88: The search function here on MeFi is hard to use, and I've talked about this at some length on another board, so I'll just point you there instead. The thread starts with a good link, then there's various bits of discussion, devolving into some heat and noise... but then page 5 has several new links supporting the original assertions.

Remember, these claims that people are making are taken directly from the Microsoft documentation and license agreements. It's not just idle speculation. It's there in black and white.
posted by Malor at 1:17 PM on February 1, 2007

Oh and also note... the very first link, "A cost analysis of Vista content protection" does get rather hyperbolic at times. Read past that to the facts underneath.
posted by Malor at 1:19 PM on February 1, 2007

I wonder whether it might be possible to create sounds (embedded in webpages or hidden in normal webradio streams) that specifically trigger the speech recognition algorithms without necessarily sounding like a human voice. I don't know what kind of technology they use, but it could possibly be sensitive to a range of sounds or noises that aren't as readily detectable by a human listener as normal human speech is; something along the lines of sine-wave speech, for instance, that appears to be meaningless noise unless you know what to listen for.
posted by PontifexPrimus at 1:21 PM on February 1, 2007 [1 favorite]

The cost analysis guy was interviewed on Security Now a few weeks ago. Definitely worth a listen.
posted by aerotive at 1:30 PM on February 1, 2007

You're missing the "hilarious" tag.
posted by vbfg at 1:30 PM on February 1, 2007

Fundamentally they acknowledge the problem, they say that they are looking into it and in the meantime give you an excellent pointer to where the issue could cause real harm, i.e. healthcare.

Uh, no. They point to their healthcare subsite which describes the helpful uses of the speech-recognition feature. That interpretation didn't actually inspire my confidence (in the SANS guy).

I'm very surprised this isn't disabled by default. I know that some systems like Dragon are designed to avoid accidental activation, but I don't know for sure that they have avoided malicious activation.

And PontifexPrimus raises a good point, that activation may be possible using sounds that are not recognizable as human speech. The last line of defense is always the physical access to the computer.
posted by dhartung at 1:50 PM on February 1, 2007

posted by Terminal Verbosity at 1:55 PM on February 1, 2007

Microsoft bashing aside, that's actually a pretty creative vector for attack. Ungainly, perhaps, but definitely original. If I'm ever involved in an overly complex plot to rob a bank vault with an all star ensemble cast of legendary thieves and a cool car chase at the end, I'll definitely keep this in mind.
posted by Drunken_munky at 3:04 PM on February 1, 2007

*slaps forehead*

7 years in the making, 2 of which involved widespread beta testing, and now... 2 days after the big rollout, they figure this out? "Computer! Defenestrate!"
posted by Devils Rancher at 3:23 PM on February 1, 2007 [1 favorite]

PontifexPrimus: My god, that's quite an incredible link. If you're going to visit it, be sure to listen to the first examples in order so that you can really hear the "pop-out" effect. In any case, I think you're on to something - these speech algorithms probably do a lot of filtering of the regular speech to break it down into more generic waves that the algorithm can better decode. If you do this processing beforehand and simply play audio that's already broken down into more generic components, the algorithm would probably be able to decode it with much greater accuracy with the side effect being that it would sound even less like human speech to humans.
posted by odinsdream at 3:49 PM on February 1, 2007

Malor: here.

This is so hilariously bad. I love the idea of your computer talking itself to death.
posted by quin at 3:50 PM on February 1, 2007

Suddenly, the idea of embedded sound files on web pages sounds good.

"File" "Exit" "Okay"
posted by eriko at 4:17 PM on February 1, 2007

Actually seems like an "easy" fix.. just insert a prompt for potentially naughty commands like "empty trash"... so when the computer hears "delete file. empty trash.", it comes back with "please repeat the following randomly generated numbers before I empty your trash: 87312"

Come on. This was solved in Star Trek: TNG. Picard had to say his authorization codes before doing anything like dumping the warp core...
posted by mhh5 at 4:45 PM on February 1, 2007

pontifex, that's an incredible link, you should fpp it, if it hasn't been already.
posted by empath at 6:26 PM on February 1, 2007

Suddenly I have flashbacks to when I demonstrated old MacOS speech recognition to my mate, years ago. A little while after, as I was typing, he leaned over. "Computer! Shut down! Yes!"
And that was that.

posted by i_am_joe's_spleen at 10:05 PM on February 1, 2007
