I think we should call this the Sam Beckett attack.

04 February 2007

Just when you thought attacks couldn't get any more oblique, along come Sebastian Krahmer and George Ou, who figured out how to use Vista's audio playback and voice recognition systems to compromise a box. It started off with Krahmer musing on the Dailydave list about whether it would be possible to craft a recording of someone reciting voice commands that could be picked up by Vista Speech Command running on the same box through a plugged-in microphone. George Ou took the idea and ran with it, and came up with a couple of .wav files that do things like run a copy of cmd.exe, open Internet Explorer, and go to a particular URL. That URL can cause IE to infect itself with whatever malware you like. Thanks to services like TinyURL, a long and convoluted URL can be ground up into something much smaller and easier to speak in a way that Speech Command can make use of.