Microsoft’s digital assistant Cortana could help hackers infect a computer running Windows 10 with a virus. A pair of independent Israeli security researchers found the major security flaw this week. By giving simple voice commands, they found they could install malware and launch websites from computer’s lock screen. The hack works because Windows 10 allows a device to connect to a different network while it is still locked. This means an attacker can connect a USB with a network adapter and ask Cortana to open an unencrypted and potentially dangerous websites.
Microsoft has since resolved the issue, but researchers say Cortana still responds to other commands when locked. The two Israeli researchers, Tal Be’ery and Amichai Shulman, found that Cortana responds to some voice commands even when the computer is in sleep mode and locked. The researchers told Vice Motherboard that this could allow someone to plug a USB with a network adapter into a computer and command Cortana to open the device’s web browser and go to a specific web address, even ones that don’t use https, meaning that the traffic between the user’s device and the website is not encrypted. The malicious network adapter can then intercept the web sessions to send the device to a malicious website, where malware can be downloaded to the machine.
Photo Credit: Microsoft – Windows 10