If you have to use a side channel attack to ensure that the microphone is on and the speakers are active (what ideal target environment will have them both enabled or even fitted? No, I don't believe healthcare will be one), why don't you just use that channel to launch the primary attack? While there is a real concern about this issue, that is all it is - a concern.
I agree with Thierry that this is a low risk situation. It will be fun for pranking and the occasional exploit (hmm, it appears my drink holder has been replaced with a credit card slot on my computer), but will be harmless for most. It will be more fun to bind sound to system events, so that every time a dialogue box was presented the system helpfully shouts out 'Cancel'. Okay, so Microsoft's implementation of this feature could have been somewhat better, but it isn't really worth the hype and coverage that it has received to date. Carl Sûnnet Beskerming Pty. Ltd. Adelaide, Australia http://www.beskerming.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
