This days Cortana seems to be the perfect AI assistant, but according to the discoveries of Israeli information security researchers Tal Be’ery and Amichai Shulman, Cortana is far from perfection as it offers hackers an easy gateway to hack Windows 10 PC despite if it is locked.
Cortana has been developed in a way that if enabled it listens and responds to voice commands at all times even when the computer is locked and the software also allows direct browsing to websites. The information security training researchers claim that an attacker can hack a computer by issuing voice commands and force it to visit a non-HTTPS website.
In accordance to experts, the attack requires a USB network adapter which when attached to the victim’s PC, the traffic to the PC is intercepted and redirected to the malicious website that the attacker has loaded with malware. Using a mouse, an attacker can connect the targeted PC to any Wi-Fi network. On the other hand, the attack method relies upon having physical access to the target machine, which serves as the only obstacle to attackers. But, the physical access is needed only for compromising the first computer and not to amplify the attack.
“So this attack is not only limited to the physical access scenario but also can be used by attackers to expand their access and jump from one computer to another,” Tal Be’ery told Motherboard.
The information security training professionals explain; “When a computer is infected, it can be forced to communicate with other computers available on the local network and spread the infection using a technique called ARP Poisoning. This method allows an infected PC to trick the machines on the local wireless network to route their incoming traffic via the attacker’s network”.
Shulman noted that “even when a machine is locked, you can choose the network to which that machine is attached. It’s interesting if it’s to abuse a locked computer but… It’s more interesting if it can be done remotely.”
Microsoft was informed about this issue and the company took immediate measures by passing Cortana’s internet requests via Bing but the software still responds to requests when the PC is locked. To ensure that your computer stays protected, you need to disable Cortana on Windows 10 lock screen.
Tal Be’ery said that the issue is caused by the developers’ penchant to introduce new interfaces into computers without properly assessing their security implications.
Until the vulnerability is fixed, information security training specialists suggest to protect computers users can configure it to password-lock after a specific duration when the machine is inactive, which would prevent someone from infecting the computer by gaining physical access.