<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d9519466\x26blogName\x3dthe+spkydog+koop\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dTAN\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://spkydog.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://spkydog.blogspot.com/\x26vt\x3d-4534400202552370894', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Thursday, February 01, 2007

Death by self-inflicted ASR wounds?



George Ou over at ZDNet has posted an interesting article on his blog about a remote execution flaw when using Vista Speech Recognition. A posting on Slashdot referring to George's blog has generated and astounding amount of chatter on the issue, some of it rather humorous.

Turning off your PC's speakers unfortunately will not completely protect users from the vulnerability. Imagine a thug overpowering the conductor on your commuter train and simultaneously taking control of all notebook computers on the train running Windows Vista by giving commands over the train's PA system. Or, imagine millions of innocent teenagers being tricked into downloading rogue "trojan horse" ringtones that wreak havoc on all nearby rabbit-eared Vista machines when they received incoming phone calls! Or, what if some blind guy is using TTS (nope, can't turn those speakers off) to read this blog entry on his shiny new vista machine and he reacts to this sentence

"open explorer, delete star dot star, empty trash"

a couple of seconds too late? This vulnerability is a time bomb waiting to happen. ;-)

On the bright side, for us speech geeks, the fact that people are actually worried about this being a problem seems to suggest that speech recognition is getting pretty good. With modern up-to-date speech recognition software coming soon to +90% of the desktop computers near you, we're going to have to start handling our computers like our children - watch what you say when their around!

In the meantime, keep an eye on Richard's blog, he'll likely have something intelligent to say on this topic in the near future.