Vista has speech recognition hole

Microsoft Vista has an “exploit” whereby the speech recognition engine can be used to delete files (or perform other potentially malicious actions). This is an example of non-news news.

“The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as ‘copy’, ‘delete’, ’shutdown’, etc. and acting on them,” a Microsoft security researcher wrote on the team’s official blog.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.

Microsoft has said that even if the machine was primed to accept voice commands it would be unlikely the user would not be in the room to hear the file with malicious instructions being played.

This is common sense and in no intelligent way should this be construed as an “exploit.” While I’m not Microsoft apologist, it’s common sense to me that using voice recognition to perform functions on your computer otherwise performable with a keyboard is a type of perceived performance. Voice recognition is used to operate a computer without a keyboard as seamlessly as possible. It follows from that that a user should be able to speak to a computer to delete a file.

Obviously, if someone sent an MP3 with a command to delete a file via email; and if the recipient had voice recognition on; and if the recipient had his microphone on; and if the recipient had voice recognition on; and if the quality was clear enough to be recognized (after all, I request “open Firefox” and for some reason my computer hears “enter standby mode”); and if the recipient didn’t bother to stop playback after hearing the command, then that function should, as a matter of design, be executed.

To require otherwise is to defeat the purpose of voice recognition. As I said, this makes this officially non-news. If we are going to bash Microsoft, let’s adhere to the very acceptable reasons we already have to do so.