Much has been written in the past week or so regarding some security issues with Windows Speech Recognition.
Rob Chambers, who works on Microsoft’s Windows Speech Recognition team, writes about how the secure screen saver in Vista now works with WSR and how it can prevent someone from walking by your computer and issuing SELECT ALL DELETE commands.
This is a good reminder to all, especially mobile professionals who travel frequently with their Tablet PC / UMPC, to secure your screen with the secure screen saver.
When the screen saver is running, if the user says something that can be recognized by the OS, whatever they say is thrown away. If the screen saver is configured to be secure, that’s the end of the story. The log on screen isn’t even shown. That’s because it wouldn’t matter much if we did show the user the log on screen, because currently (as of Windows Vista) the Windows Speech Recognition user experience doesn’t run on the secure desktop (where the log on prompting happens).
However, if you don’t have the screen saver configured to prompt you for your log on information, we’ll just dismiss the screen saver, and put the speech recognizer into the “off” mode (which could actually be “Off” or “Sleeping” depending on a number of things).
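An added example, not from the original post or from Microsoft: a PowerShell check of whether the current user's screen saver is actually configured as secure, since the unsecured case above is the one where speech dismisses the screen saver. The 15-minute idle limit (`$maxIdleSeconds`) is an assumption chosen for illustration.

```powershell
# Added example: audit the current user's screen saver settings.
# Group Policy values, when present, take precedence over Control Panel settings.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$userKey   = 'HKCU:\Control Panel\Desktop'
$maxIdleSeconds = 900   # assumed threshold, adjust to your own policy

function Get-EffectiveValue {
    param([string]$Name)
    # Return the first value found, checking the policy key before the user key.
    foreach ($key in $policyKey, $userKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $null -ne $item.$Name) {
            return New-Object PSObject -Property @{ Value = [string]$item.$Name; Source = $key }
        }
    }
    return New-Object PSObject -Property @{ Value = $null; Source = 'not set' }
}

$names = 'ScreenSaveActive', 'SCRNSAVE.EXE', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut'
$settings = @{}
foreach ($n in $names) {
    $settings[$n] = Get-EffectiveValue $n
    '{0,-20} = {1,-30} ({2})' -f $n, $settings[$n].Value, $settings[$n].Source
}

$findings = @()
if ($settings['ScreenSaveActive'].Value -ne '1') {
    $findings += 'Screen saver is not enabled.'
}
if (-not $settings['SCRNSAVE.EXE'].Value) {
    $findings += 'No screen saver executable is selected.'
}
if ($settings['ScreenSaverIsSecure'].Value -ne '1') {
    $findings += 'Resume does not prompt for logon (ScreenSaverIsSecure is not 1).'
}
$seconds = 0
if (-not [int]::TryParse($settings['ScreenSaveTimeOut'].Value, [ref]$seconds) -or $seconds -le 0) {
    $findings += 'No valid idle timeout is set.'
} elseif ($seconds -gt $maxIdleSeconds) {
    $findings += "Idle timeout is $seconds s, above the assumed limit of $maxIdleSeconds s."
}

if ($findings.Count -eq 0) {
    'OK: the screen saver is enabled and requires logon on resume.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```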