Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Security & Virus Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=38)
-   -   Malwave via Vista Speech Command (https://www.cableforum.uk/board/showthread.php?t=33607251)

Gareth 01-02-2007 17:02
Malwave via Vista Speech Command
 
SANS has a funny story today about how the Speech Command function in Vista can be used to download malware via your PC's speakers...
Quote:
On January 30th Sebastian Krahmer asked himself (out loud on the Dailydave mailing list) if Windows Vista Speech Command function could be used by a malicious website feeding a wav file which would speak commands to download malware. The idea is deceivingly simple: the wav file plays through the speakers, the microphone picks up the commands and the Speech Command happily executes them.

A fascinating discussion ensued, George Ou went off to research the concept and, at the risk of spoiling the surprise, here is the result in George's fine words:


"I recorded a sound file that would engage speech command on Vista, then engaged the start button, and then I asked for the command prompt. When I played back the sound file with the speakers turned up loud, it actually engaged the speech command system and fired up the start menu. I had to try a few more times to get the audio recording quality high enough to get the exact commands I wanted but the shocking thing is that it worked!"
:D


All times are GMT +1. The time now is 17:37.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum