Posted on March 8, 2018 at 7:30 AM
Researchers have found a loophole that allows unauthorized access to locked Windows machines through Cortana. The method requires physical access to the first machine, but it has the potential to spread to every computer on the same network. Microsoft has offered a fix, but the researchers feel more can be done to tighten up security.
If you use a Windows machine, you are already familiar with Cortana. She is the voice-driven personal assistant that comes standard on Windows 10. She can help users out by opening apps, responding to voice commands, finding coupons and more. According to an Israeli research team, she can also open a window for hackers to access your machine.
Tal Be’ery and Amichai Shulman say that Cortana can provide easy access, even on a locked computer. The voice command feature is what makes this possible. Hackers can exploit it by plugging a USB network adapter into the PC, which puts a network they control in the path of the machine’s traffic, then using a voice command to send Cortana to a non-HTTPS website. Because the page is fetched over plain HTTP rather than HTTPS, the attacker’s network can intercept the request and hand back malware in place of the expected content.
Of course, an attacker sitting at an unlocked machine could do all of this with the mouse and keyboard. What makes this different is that Cortana lets a locked device navigate to web pages via voice command. On its own the flaw is limited, because the attacker needs physical access to the target. In theory, though, once the first machine has been compromised this way, amplifying the attack can be completely remote: the compromised machine can spread the malware to the other machines on its network through a technique called ARP poisoning. In ARP poisoning, the compromised host sends forged ARP replies so that its neighbours associate the gateway’s IP address with the attacker’s MAC address, and from then on their traffic is routed through the attacker’s machine, where it can be read and tampered with.
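As an added illustration, not code from the article or from the researchers, the following PowerShell shows what ARP poisoning looks like from the defender’s side. It compares two snapshots of a Windows neighbour (ARP) table and flags the two symptoms described above: an IP address, typically the gateway’s, whose MAC address has changed, and a single MAC address answering for several IP addresses. The snapshots are constructed to resemble Get-NetNeighbor output; on a live host they would come from that cmdlet.

```powershell
# Added example, not from the article. Detect the ARP-poisoning symptoms described above by
# comparing two snapshots of the IPv4 neighbour table. The records below are constructed to
# look like Get-NetNeighbor output; swap in real snapshots on a live machine (see the end).

function Find-ArpPoisoning {
    param(
        [Parameter(Mandatory)] [object[]] $Before,   # neighbour table at time T
        [Parameter(Mandatory)] [object[]] $After     # neighbour table a few seconds later
    )

    # IP -> MAC as we knew it in the first snapshot.
    $known = @{}
    foreach ($entry in $Before) {
        $known[$entry.IPAddress] = $entry.LinkLayerAddress.ToUpper()
    }

    $alerts = @()

    # Symptom 1: an IP we already knew now resolves to a different MAC.
    foreach ($entry in $After) {
        $mac = $entry.LinkLayerAddress.ToUpper()
        if ($known.ContainsKey($entry.IPAddress) -and $known[$entry.IPAddress] -ne $mac) {
            $alerts += [pscustomobject]@{
                Symptom   = 'MacChanged'
                IPAddress = $entry.IPAddress
                Detail    = "$($known[$entry.IPAddress]) -> $mac"
            }
        }
    }

    # Symptom 2: one MAC claims several IPs (the poisoner answers for the gateway and the victims).
    foreach ($group in ($After | Group-Object -Property { $_.LinkLayerAddress.ToUpper() })) {
        if ($group.Count -gt 1) {
            $alerts += [pscustomobject]@{
                Symptom   = 'DuplicateMac'
                IPAddress = ($group.Group.IPAddress -join ', ')
                Detail    = $group.Name
            }
        }
    }

    return $alerts
}

# Constructed snapshots: 192.168.1.1 is the gateway, 192.168.1.30 is the machine that was
# compromised through Cortana and is now poisoning the LAN.
$before = @(
    [pscustomobject]@{ IPAddress = '192.168.1.1';  LinkLayerAddress = 'AA-BB-CC-00-00-01' }
    [pscustomobject]@{ IPAddress = '192.168.1.20'; LinkLayerAddress = 'AA-BB-CC-00-00-20' }
    [pscustomobject]@{ IPAddress = '192.168.1.30'; LinkLayerAddress = 'AA-BB-CC-00-00-30' }
)
$after = @(
    [pscustomobject]@{ IPAddress = '192.168.1.1';  LinkLayerAddress = 'AA-BB-CC-00-00-30' }  # gateway "moved"
    [pscustomobject]@{ IPAddress = '192.168.1.20'; LinkLayerAddress = 'AA-BB-CC-00-00-30' }  # so did a peer
    [pscustomobject]@{ IPAddress = '192.168.1.30'; LinkLayerAddress = 'AA-BB-CC-00-00-30' }
)

Find-ArpPoisoning -Before $before -After $after | Format-Table -AutoSize

# Live use on a Windows host (Get-NetNeighbor ships with Windows 8 / Server 2012 and later):
#   $a = Get-NetNeighbor -AddressFamily IPv4
#   Start-Sleep -Seconds 10
#   $b = Get-NetNeighbor -AddressFamily IPv4
#   Find-ArpPoisoning -Before $a -After $b
```

With the constructed data the function reports two MacChanged alerts (for 192.168.1.1 and 192.168.1.20, both now pointing at AA-BB-CC-00-00-30) and one DuplicateMac alert listing all three addresses. A MAC change on its own can be legitimate (a replaced router, DHCP churn), so treat the gateway changing MAC together with one MAC covering several IPs as the strong signal.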
Since Microsoft became aware of the weakness, they have issued a patch that sends Cortana’s voice commands through Bing. The fix still lets users issue commands to their locked devices, but with more security. Users also have the option of turning this functionality off by navigating to the Settings menu, choosing Cortana and toggling the switch that says “Use Cortana even when my device is locked” to the off position. Microsoft assures users that their devices should now be safe regardless.
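For administrators who would rather not rely on each user finding the toggle, here is an added PowerShell example (not from the article or from Microsoft) that audits the lock-screen Cortana setting and optionally enforces it machine-wide through Group Policy. The registry locations it reads are assumptions about where the per-user toggle and the “Allow Cortana above lock screen” policy are stored, and should be confirmed against your Windows build before you depend on them.

```powershell
# Added example, not from the article or Microsoft. Audit the "Use Cortana even when my device
# is locked" setting and optionally enforce it through policy.
# Assumed locations (confirm on your Windows build before relying on them):
#   per-user toggle : HKCU:\Software\Microsoft\Speech_OneCore\Preferences
#                     VoiceActivationEnableAboveLockscreen (DWORD, 1 = on)
#   machine policy  : HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search
#                     AllowCortanaAboveLock (DWORD, 0 = blocked), which is what the
#                     "Allow Cortana above lock screen" Group Policy setting writes

function Get-CortanaAboveLockState {
    $userKey   = 'HKCU:\Software\Microsoft\Speech_OneCore\Preferences'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'

    # Missing keys or values come back as $null; the errors are deliberately suppressed.
    $toggle = (Get-ItemProperty -Path $userKey -Name VoiceActivationEnableAboveLockscreen -ErrorAction SilentlyContinue).VoiceActivationEnableAboveLockscreen
    $policy = (Get-ItemProperty -Path $policyKey -Name AllowCortanaAboveLock -ErrorAction SilentlyContinue).AllowCortanaAboveLock

    if ($null -eq $toggle)  { $toggleText = 'not set (OS default applies)' }
    elseif ($toggle -eq 1)  { $toggleText = 'on' }
    else                    { $toggleText = 'off' }

    [pscustomobject]@{
        UserToggle   = $toggleText
        PolicyBlocks = ($policy -eq 0)
        # Treated as exposed unless the user explicitly turned it off or policy forbids it;
        # an absent value is the OS default, not an opt-out, so check the Settings app too.
        Exposed      = ($toggle -ne 0) -and ($policy -ne 0)
    }
}

function Disable-CortanaAboveLock {
    # Writes the machine-wide policy value; needs an elevated prompt. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
    if ($PSCmdlet.ShouldProcess($policyKey, 'Set AllowCortanaAboveLock = 0')) {
        if (-not (Test-Path $policyKey)) {
            New-Item -Path $policyKey -Force | Out-Null
        }
        New-ItemProperty -Path $policyKey -Name AllowCortanaAboveLock -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-CortanaAboveLockState
# To enforce, from an elevated prompt:  Disable-CortanaAboveLock -WhatIf   (then again without -WhatIf)
```

The policy value wins over the per-user toggle, which is why the audit reports both: a user who re-enables the switch later is still covered once AllowCortanaAboveLock is set to 0. Run the audit again after the policy has been applied (or after gpupdate) to confirm Exposed reads False.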
According to Tal Be’ery, this latest security flaw is a legacy of similar software development choices. He says that developers are still too blasé about adding features to devices without fully examining the security ramifications. Connecting to devices via voice command is nothing new for the hacking community.
Be’ery and Shulman are still checking for more vulnerabilities and loopholes in the system. Voice command features are not the only possible weakness; many devices now accept hand gestures, fingerprint unlocks and other inputs that could have weaknesses of their own.