Re: [Full-disclosure] Vista Speech recognition

[Sûnnet Beskerming <info@xxxxxxxxxxxxxx>]

If you have to use a side channel attack to ensure that the  
microphone is on and the speakers are active (what ideal target  
environment will have them both enabled or even fitted? No, I don't  
believe healthcare will be one), why don't you just use that channel  
to launch the primary attack?  While there is a real concern about  
this issue, that is all it is - a concern.

I agree with Thierry that this is a low risk situation.  It will be  
fun for pranking and the occasional exploit (hmm, it appears my drink  
holder has been replaced with a credit card slot on my computer), but  
will be harmless for most.  It will be more fun to bind sound to  
system events, so that every time a dialogue box was presented the  
system helpfully shouts out 'Cancel'.

Okay, so Microsoft's implementation of this feature could have been  
somewhat better, but it isn't really worth the hype and coverage that  
it has received to date.

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/